
My computer is infected, appears to be the Scorpion virus


dcw182

Boy oh boy do I need help --- it appears I have the Scorpion virus on my computer. I have never had a virus infection before, so this is throwing me for a loop. I've read your instructions (after I goofed and wrote on another forum --- sorry!) and have downloaded the dds.scr file, and below are the results.

I did follow an earlier forum and did what Kevin was advising them to do and it seemed to work, but I suspect the virus is still 'lurking' in the background. So I want to be sure to clean it up completely.

I appreciate any help you can give me.

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 09/02/10 10:31:28 PM

System Uptime: 12/04/13 10:43:57 AM (22 hours ago)

.

Motherboard: Dell Inc. |  | 021CN3

Processor: Intel® Core i3 CPU       M 350  @ 2.27GHz | U2E1 | 2266/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 112.176 GiB free.

D: is CDROM ()

Z: is NetworkDisk (NTFS) - 465 GiB total, 374.368 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet 4500 G510n-z

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet 4500 G510n-z

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1294\9&18CAD2E3&0&041E641B27DF_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1294\9&18CAD2E3&0&041E641B27DF_C00000000

Service:

.

==== System Restore Points ===================

.

RP316: 11/27/13 4:38:36 PM - McAfee Vulnerability Scanner

RP317: 11/27/13 4:57:37 PM - Windows Update

RP318: 11/27/13 9:45:03 PM - Installed iTunes

RP319: 11/29/13 6:17:55 AM - Removed ScorpionSaver Services

RP320: 11/29/13 8:14:47 AM - Windows Update

RP321: 11/29/13 9:55:45 AM - Installed Microsoft Fix it 50123

RP322: 12/03/13 11:14:15 AM - Revo Uninstaller's restore point - ScorpionSaver

RP323: 12/03/13 11:14:57 AM - Removed ScorpionSaver

RP324: 12/03/13 11:19:02 AM - Revo Uninstaller's restore point - ScorpionSaver

RP325: 12/03/13 11:17:06 PM - Revo Uninstaller's restore point - RegCure Pro

.

==== Installed Programs ======================

.

 Update for Microsoft Office 2007 (KB2508958)

4500_G510gm_Help

4500_G510nz_Help

4500G510gm

4500G510gm_Software_Min

4500G510nz

4500G510nz_Software_Min

64 Bit HP CIO Components Installer

ABBYY FineReader for ScanSnap 4.0

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.05)

Advanced Audio FX Engine

AirPort

AOL Uninstaller (Choose which Products to Remove)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Banctec Service Agreement

Bonjour

Bonjour Print Services

BufferChm

Business Contact Manager for Outlook 2007 SP2

CameraHelperMsi

CardMinder

CardMinder V4.0

Conexant USB D400 V.92 Modem

Consumer In-Home Service Agreement

Cozi

Crystal Reports Basic Runtime for Visual Studio 2008

D3DX10

Data Lifeguard Diagnostic for Windows

DataMask by AOL

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Dock

Dell Driver Download Manager

Dell Edoc Viewer

Dell Getting Started Guide

Dell Support Center

Dell Webcam Central

Destinations

DeviceDiscovery

DocMgr

DocProc

Documents To Go Desktop for iPhone

DriverUpdate

Dropbox

DW WLAN Card

EDDI-7

eReg

Fax

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

HP Customer Participation Program 13.0

hp deskjet 5550 series (Remove only)

HP Document Manager 2.0

HP Imaging Device Functions 13.0

HP Officejet 4500 G510g-m

HP Officejet 4500 G510n-z

hp print screen utility

HP Smart Web Printing 4.5

HP Solution Center 13.0

HP Update

HPProductAssistant

iCloud

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

iPhone Configuration Utility

IrfanView (remove only)

iTunes

Java 7 Update 45

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

Logitech SetPoint 6.61

Logitech Unifying Software 2.10

Logitech Vid HD

Logitech Webcam Software

LoJack Factory Installer

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.75.0.1300

MarketResearch

McAfee SecurityCenter

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Office 2000 Professional

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010

Microsoft Office Accounting 2008

Microsoft Office Accounting 2008 Equifax Addin

Microsoft Office Accounting 2008 Fixed Asset Manager

Microsoft Office Accounting 2008 PayPal Addin

Microsoft Office Accounting ADP Payroll Addin

Microsoft Office Excel MUI (English) 2007

Microsoft Office Live Meeting 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

Mobile Partner

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Network64

OCR Software by I.R.I.S. 13.0

PowerDVD DX

Quickset64

QuickTime

Realtek High Definition Audio Driver

Revo Uninstaller 1.95

Rosetta Stone Version 3

Roxio Burn

RTC Client API v1.2

Safari

Scan

Scan to Microsoft SharePoint

ScanSnap

ScanSnap Manager

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition

SentryBay Update Helper

Shared C Run-time for x64

Skype™ 6.3

SmartWebPrinting

SolutionCenter

Status

Synaptics Pointing Device Driver

System Checkup 3.4

Toolbox

TrayApp

Uninstall AOL Emergency Connect Utility 1.0

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

WD Anywhere Backup

WD Drive Manager (x64)

WD SmartWare

WebReg

Webshots Desktop

WIDCOMM Bluetooth Software

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Migration Assistant

Yahoo! Messenger

Zip Extractor Packages

.

==== Event Viewer Messages From Past Week ========

.

12/05/13 7:05:18 AM, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error Access is denied..

12/05/13 7:05:18 AM, Error: Service Control Manager [7001]  - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error:  The service has returned a service-specific error code.

12/05/13 7:04:15 AM, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

12/03/13 7:12:35 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

12/03/13 7:08:34 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

12/03/13 7:07:40 PM, Error: Service Control Manager [7000]  - The vToolbarUpdater17.1.3 service failed to start due to the following error:  The system cannot find the file specified.

12/03/13 7:07:35 PM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891

12/03/13 7:07:35 PM, Error: Service Control Manager [7000]  - The iolo System Service service failed to start due to the following error:  The system cannot find the file specified.

12/03/13 4:50:14 PM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/03/13 3:36:08 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee Proxy Service service to connect.

12/03/13 3:36:08 PM, Error: Service Control Manager [7000]  - The McAfee Proxy Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

12/03/13 3:36:07 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee Home Network service to connect.

12/03/13 3:36:07 PM, Error: Service Control Manager [7000]  - The McAfee Home Network service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

12/03/13 10:17:46 AM, Error: Service Control Manager [7003]  - The McAfee Proxy Service service depends the following service: MfeFire. This service might not be installed.

12/02/13 3:55:16 PM, Error: Service Control Manager [7034]  - The vToolbarUpdater17.1.3 service terminated unexpectedly.  It has done this 1 time(s).

11/29/13 10:42:22 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0826: Update for Windows 7 for x64-based Systems (KB2709981).

11/29/13 10:42:22 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Windows 7 for x64-based Systems (KB2592687).

11/29/13 10:29:58 AM, Error: Service Control Manager [7031]  - The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/28/13 12:36:46 AM, Error: Service Control Manager [7031]  - The McAfee Anti-Malware Core service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

.

==== End Of File ===========================

 

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2

Run by Debbie at 8:16:59 on 2013-12-05

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.1914 [GMT -6:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files\McAfee\MSC\McAPExe.exe

C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe

C:\Program Files (x86)\AOL\DataMask by AOL\epservice.exe

C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Western Digital\WD SmartWare\WDFME.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\AOL\DataMask by AOL\ep.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\PROGRA~2\Webshots\315~1.761\webshots.scr

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files (x86)\Common Files\aol\1283495046\ee\aolsoftware.exe

C:\Users\Debbie\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe

C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

C:\Program Files (x86)\Safari\Safari.exe

C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

mWinlogon: Userinit = userinit.exe,

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

StartupFolder: C:\Users\Debbie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Webshots.lnk - C:\Program Files (x86)\Webshots\3.1.5.7619\Launcher.exe

StartupFolder: C:\Users\Debbie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_UNINS~1.LNK - C:\Users\Debbie\AppData\Local\Temp\_uninst_05648578.bat

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: NameServer = 10.0.1.1

TCP: Interfaces\{DEF8C239-858D-49C5-BFDF-92BF434FE2C0} : DHCPNameServer = 10.0.1.1

TCP: Interfaces\{DEF8C239-858D-49C5-BFDF-92BF434FE2C0}\2456C6B696E6F5E4B2F5339393835343 : DHCPNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{DEF8C239-858D-49C5-BFDF-92BF434FE2C0}\2456C6B696E6F5E4F575962756C6563737F5141413145473 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{DEF8C239-858D-49C5-BFDF-92BF434FE2C0}\2656C6B696E6E2639323 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{DEF8C239-858D-49C5-BFDF-92BF434FE2C0}\3444350502255616C6543747164756 : DHCPNameServer = 172.16.42.1

TCP: Interfaces\{DEF8C239-858D-49C5-BFDF-92BF434FE2C0}\54E636C6166756022456C6B696E6 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{DEF8C239-858D-49C5-BFDF-92BF434FE2C0}\56E636C6166756B656973747F6E656 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{DEF8C239-858D-49C5-BFDF-92BF434FE2C0}\C696E6B6379737 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{EB3C3786-2687-48D1-A91F-6B79079133A9} : DHCPNameServer = 192.168.1.2

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: DataMask by AOL: {3955aa73-8c60-4a9b-acdb-0c2edb1b6748} - C:\Program Files (x86)\AOL\DataMask by AOL\epbho64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

x64-BHO: DataMask by AOL: {ff507020-a257-4527-a222-b6f5732e55ee} - C:\Program Files (x86)\AOL\DataMask by AOL\plbho64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll

x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-9-24 782360]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-9-24 343696]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-7-12 55280]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-10-21 46368]

R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2013-9-20 30752]

R2 EntryProtect;DataMask by AOL;C:\Program Files (x86)\AOL\DataMask by AOL\epservice.exe [2013-4-30 45896]

R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-12-3 328928]

R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-12-3 178048]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-12-3 328928]

R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-12-3 328928]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-12-3 328928]

R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2009-11-12 25824]

R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-12-3 1017016]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-12-3 219272]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-12-3 182752]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-7-12 1692480]

R2 WDFMEService;WDFMEService;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-8-1 1978256]

R2 WDRulesService;WDRulesService;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-8-1 1338256]

R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2010-7-12 20984]

R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-7-12 35104]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-7-12 172704]

R3 epfilter;epfilter;C:\Windows\System32\drivers\epfilter.sys [2012-5-26 21312]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-12 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-7-12 158720]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-7-12 271872]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-7-12 74280]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-9-24 311120]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-9-24 519576]

R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-9-20 390552]

R3 SaiH8000;SaiH8000;C:\Windows\System32\drivers\SaiH8000.sys [2008-4-4 178560]

S2 0280411386215376mcinstcleanup;McAfee Application Installer Cleanup (0280411386215376);C:\Windows\TEMP\028041~1.EXE -cleanup -nolog --> C:\Windows\TEMP\028041~1.EXE -cleanup -nolog [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S2 ioloSystemService;iolo System Service;"C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" --> C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [?]

S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-12-3 328928]

S2 vToolbarUpdater17.1.3;vToolbarUpdater17.1.3;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [?]

S3 acfva;acfva;C:\Windows\System32\drivers\ACFVA64.sys [2010-10-6 121856]

S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-9-24 70112]

S3 dgcfltr;DGC Filter Driver;C:\Windows\System32\drivers\ACFDCP64.sys [2010-10-6 35200]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-12-3 197704]

S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2011-5-7 114304]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-27 111616]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-5-23 77592]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-23 13080]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-8-19 351136]

S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-8-19 4869024]

S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-9-20 95984]

S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-11-17 25072]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-12 232992]

S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-10-28 16152]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-31 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-4 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]

S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-7-12 98208]

S4 AGCoreService;AG Core Services;"C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe" --> C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe [?]

S4 sbupdate;AOL Update Service (sbupdate);C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe [2012-5-26 129904]

S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S4 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]

S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-12 2320920]

S4 WDBtnMgrSvc.exe;WD Drive Manager Service;C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-7-24 118272]

S4 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]

S4 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

.

=============== Created Last 30 ================

.

2013-12-04 05:00:16   --------  d-----w-            C:\Users\Debbie\AppData\Roaming\ParetoLogic

2013-12-04 05:00:16   --------  d-----w-            C:\Users\Debbie\AppData\Roaming\DriverCure

2013-12-04 04:59:40   --------  d-----w-            C:\ProgramData\ParetoLogic

2013-12-03 20:26:43   --------  d-----w-            C:\_OTM

2013-12-03 18:32:49   25928  ----a-w-            C:\Windows\System32\drivers\mbam.sys

2013-12-03 18:32:48   --------  d-----w-            C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-12-03 17:28:23   --------  d-----w-            C:\AdwCleaner

2013-12-03 17:07:41   --------  d-----w-            C:\Program Files (x86)\VS Revo Group

2013-12-03 16:19:41   197704            ----a-w-            C:\Windows\System32\drivers\HipShieldK.sys

2013-12-03 16:18:07   --------  d-----w-            C:\Program Files (x86)\McAfee.com

2013-12-03 16:17:29   --------  d-----w-            C:\Program Files\McAfee.com

2013-12-03 16:17:26   --------  d-----w-            C:\Program Files (x86)\McAfee

2013-12-03 15:36:38   182752            ----a-w-            C:\Windows\System32\mfevtps.exe

2013-11-29 14:16:36   --------  d-----w-            C:\Windows\Migration

2013-11-29 06:25:45   --------  d-----w-            C:\Users\Debbie\AppData\Roaming\Malwarebytes

2013-11-29 06:25:13   --------  d-----w-            C:\ProgramData\Malwarebytes

2013-11-29 06:23:13   --------  d-----w-            C:\Users\Debbie\AppData\Local\Programs

2013-11-29 05:22:45   --------  d-----w-            C:\Users\Debbie\AppData\Roaming\McAFee TechCheck

2013-11-29 05:20:24   244416            ----a-w-            C:\Windows\SysWow64\Msflxgrd.ocx

2013-11-29 05:20:24   203976            ----a-w-            C:\Windows\SysWow64\RICHTX32.OCX

2013-11-29 05:20:19   --------  d-----w-            C:\Users\Debbie\AppData\Roaming\TechCheck

2013-11-28 15:50:07   --------  d-----w-            C:\Program Files\Common Files\McAfee

2013-11-28 15:24:00   --------  d-----w-            C:\Program Files\stinger

2013-11-28 03:51:01   --------  d-----w-            C:\Program Files\iPod

2013-11-28 03:51:00   --------  d-----w-            C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-11-28 03:51:00   --------  d-----w-            C:\Program Files\iTunes

2013-11-28 03:51:00   --------  d-----w-            C:\Program Files (x86)\iTunes

2013-11-28 02:10:50   439296            ----a-w-            C:\Windows\System32\AdpeakProxy64.dll

2013-11-28 02:10:47   338944            ----a-w-            C:\Windows\SysWow64\AdpeakProxy.dll

2013-11-27 22:52:19   96168  ----a-w-            C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-11-15 19:51:58   --------  d-----w-            C:\bbc32f117dc597ff11b76deb

2013-11-15 02:49:39   1474048          ----a-w-            C:\Windows\System32\crypt32.dll

2013-11-15 02:49:38   1168384          ----a-w-            C:\Windows\SysWow64\crypt32.dll

2013-11-15 02:49:22   497152            ----a-w-            C:\Windows\System32\drivers\afd.sys

2013-11-15 02:49:16   1930752          ----a-w-            C:\Windows\System32\authui.dll

2013-11-15 02:49:15   197120            ----a-w-            C:\Windows\System32\credui.dll

2013-11-15 02:49:15   190464            ----a-w-            C:\Windows\System32\SmartcardCredentialProvider.dll

2013-11-15 02:49:15   1796096          ----a-w-            C:\Windows\SysWow64\authui.dll

2013-11-15 02:49:14   168960            ----a-w-            C:\Windows\SysWow64\credui.dll

2013-11-15 02:49:14   152576            ----a-w-            C:\Windows\SysWow64\SmartcardCredentialProvider.dll

.

==================== Find3M  ====================

.

2013-12-04 01:12:32   16152  ----a-w-            C:\Windows\System32\drivers\SWDUMon.sys

2013-11-27 22:44:47   71048  ----a-w-            C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-11-27 22:44:47   692616            ----a-w-            C:\Windows\SysWow64\FlashPlayerApp.exe

2013-11-21 12:52:33   46368  ----a-w-            C:\Windows\System32\drivers\avgtpx64.sys

2013-11-18 18:07:59   18960  ----a-w-            C:\Windows\System32\drivers\LNonPnP.sys

2013-11-04 22:51:44   70112  ----a-w-            C:\Windows\System32\drivers\cfwids.sys

2013-11-04 22:46:34   343696            ----a-w-            C:\Windows\System32\drivers\mfewfpk.sys

2013-11-04 22:43:04   782360            ----a-w-            C:\Windows\System32\drivers\mfehidk.sys

2013-11-04 22:41:22   519576            ----a-w-            C:\Windows\System32\drivers\mfefirek.sys

2013-11-04 22:40:00   311120            ----a-w-            C:\Windows\System32\drivers\mfeavfk.sys

2013-11-04 22:39:20   179792            ----a-w-            C:\Windows\System32\drivers\mfeapfk.sys

2013-10-20 15:31:16   17813896        ----a-w-            C:\Windows\SysWow64\FlashPlayerInstaller.exe

2013-10-12 02:30:42   830464            ----a-w-            C:\Windows\System32\nshwfp.dll

2013-10-12 02:29:21   859648            ----a-w-            C:\Windows\System32\IKEEXT.DLL

2013-10-12 02:29:08   324096            ----a-w-            C:\Windows\System32\FWPUCLNT.DLL

2013-10-12 02:03:08   656896            ----a-w-            C:\Windows\SysWow64\nshwfp.dll

2013-10-12 02:01:25   216576            ----a-w-            C:\Windows\SysWow64\FWPUCLNT.DLL

2013-10-03 02:23:48   404480            ----a-w-            C:\Windows\System32\gdi32.dll

2013-10-03 02:00:44   311808            ----a-w-            C:\Windows\SysWow64\gdi32.dll

2013-09-25 02:26:40   95680  ----a-w-            C:\Windows\System32\drivers\ksecdd.sys

2013-09-25 02:26:40   154560            ----a-w-            C:\Windows\System32\drivers\ksecpkg.sys

2013-09-25 02:25:24   182752            ----a-w-            C:\Windows\System32\mfevtps.exe.82a7.deleteme

2013-09-25 02:23:33   28672  ----a-w-            C:\Windows\System32\sspisrv.dll

2013-09-25 02:23:33   135680            ----a-w-            C:\Windows\System32\sspicli.dll

2013-09-25 02:23:01   28160  ----a-w-            C:\Windows\System32\secur32.dll

2013-09-25 02:22:59   340992            ----a-w-            C:\Windows\System32\schannel.dll

2013-09-25 02:21:50   307200            ----a-w-            C:\Windows\System32\ncrypt.dll

2013-09-25 02:21:07   1447936          ----a-w-            C:\Windows\System32\lsasrv.dll

2013-09-25 01:58:17   96768  ----a-w-            C:\Windows\SysWow64\sspicli.dll

2013-09-25 01:57:26   22016  ----a-w-            C:\Windows\SysWow64\secur32.dll

2013-09-25 01:57:24   247808            ----a-w-            C:\Windows\SysWow64\schannel.dll

2013-09-25 01:56:42   220160            ----a-w-            C:\Windows\SysWow64\ncrypt.dll

2013-09-25 01:03:24   30720  ----a-w-            C:\Windows\System32\lsass.exe

2013-09-20 15:38:30   10856  ----a-w-            C:\Windows\System32\drivers\mfeclnrk.sys

2013-09-20 15:38:14   95984  ----a-w-            C:\Windows\System32\drivers\mfencrk.sys

2013-09-20 15:37:56   390552            ----a-w-            C:\Windows\System32\drivers\mfencbdc.sys

2013-09-17 15:29:48   30752  ----a-w-            C:\Windows\System32\drivers\ElRawDsk.sys

2013-09-12 03:21:54   863344            ----a-w-            C:\Windows\SysWow64\msvcr110_clr0400.dll

2013-09-12 03:21:54   501872            ----a-w-            C:\Windows\SysWow64\msvcp110_clr0400.dll

2013-09-12 03:21:54   28776  ----a-w-            C:\Windows\SysWow64\aspnet_counters.dll

2013-09-12 03:21:54   18000  ----a-w-            C:\Windows\SysWow64\msvcr100_clr0400.dll

2013-09-12 01:39:06   855664            ----a-w-            C:\Windows\System32\msvcr110_clr0400.dll

2013-09-12 01:39:06   614000            ----a-w-            C:\Windows\System32\msvcp110_clr0400.dll

2013-09-12 01:39:06   30312  ----a-w-            C:\Windows\System32\aspnet_counters.dll

2013-09-12 01:39:06   18000  ----a-w-            C:\Windows\System32\msvcr100_clr0400.dll

2013-09-09 07:57:00   829264            ----a-w-            C:\Windows\System32\msvcr100.dll

2013-09-09 07:57:00   608080            ----a-w-            C:\Windows\System32\msvcp100.dll

2013-09-08 02:30:37   1903552          ----a-w-            C:\Windows\System32\drivers\tcpip.sys

2013-09-08 02:27:14   327168            ----a-w-            C:\Windows\System32\mswsock.dll

2013-09-08 02:03:58   231424            ----a-w-            C:\Windows\SysWow64\mswsock.dll

2013-09-07 19:40:30   58696  ----a-w-            C:\Windows\SysWow64\AOLParconLink.exe

2013-09-07 17:20:39   348160            ----a-w-            C:\Windows\SysWow64\msvcr71.dll

2013-09-07 17:20:37   499712            ----a-w-            C:\Windows\SysWow64\msvcp71.dll

2012-01-06 19:41:14   14848  ----a-w-            C:\Program Files (x86)\EDDI7.vshost.exe

2012-01-06 19:40:06   10718208        ----a-w-            C:\Program Files (x86)\EDDI7.exe

2012-01-06 19:40:04   71168  ----a-w-            C:\Program Files (x86)\TRIBUTA_LN.DLL

2012-01-06 19:40:04   281600            ----a-w-            C:\Program Files (x86)\TRIBUTA_EN.DLL

2012-01-06 19:40:04   17408  ----a-w-            C:\Program Files (x86)\TRIBUTA_AD.DLL

2011-08-25 15:58:52   17920  ----a-w-            C:\Program Files (x86)\Microsoft.VisualStudio.HostingProcess.Utilities.Sync.dll

2011-04-05 17:23:52   18702336        ----a-w-            C:\Program Files (x86)\CRRedist2008_x86.exe

2011-02-19 03:54:14   3518464          ----a-w-            C:\Program Files (x86)\itextsharp.DLL

.

============= FINISH:  8:18:10.62 ===============


Welcome to the forum, first.....try to uninstall it from your add/remove programs.

Then........

Let's clean out any adware/spyware now: (this will require a reboot, so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Next........

Clean out temp files by using disk cleanup or.........

Download, install and run CCleaner free to clean out temp files.
Here's a Tutorial if needed.
You may want to uncheck "cookies" and please stay away from the registry cleaner.

Last......

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

MrC

Thanks!  I'm learning so much and this forum is a wonderful tool.

I went to uninstall from add/remove programs and it was not there (I had done this earlier).

I ran AdwCleaner.exe and followed your directions.  My computer went into a checkdisk mode and took hours to reboot, which may be what it was supposed to do.  Now my computer is running very slowly!  

 

Here is the logfile report:

 

# AdwCleaner v3.014 - Report created 05/12/2013 at 23:04:10

# Updated 01/12/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Debbie - DEBBIE-DELL

# Running from : C:\Users\Debbie\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\ParetoLogic

Folder Deleted : C:\Users\Debbie\AppData\Roaming\DriverCure

Folder Deleted : C:\Users\Debbie\AppData\Roaming\ParetoLogic

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\ParetoLogic

Key Deleted : HKLM\Software\ParetoLogic

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Mozilla Firefox v

 

[ File : C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\prefs.js ]

 

 

-\\ Google Chrome v

 

[ File : C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [36566 octets] - [03/12/2013 11:29:08]

AdwCleaner[R1].txt - [1002 octets] - [03/12/2013 15:11:03]

AdwCleaner[R2].txt - [1403 octets] - [05/12/2013 22:57:13]

AdwCleaner[s0].txt - [35657 octets] - [03/12/2013 11:50:46]

AdwCleaner[s1].txt - [1063 octets] - [03/12/2013 15:12:27]

AdwCleaner[s2].txt - [1295 octets] - [05/12/2013 23:04:10]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1355 octets] ##########

 

==========================

WOW, it took 3 hours and 20 minutes to do the QUICK scan.  My computer is SO slow and is a mess right now.  Here is the report:

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.12.06.04

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16428

Debbie :: DEBBIE-DELL [administrator]

 

12/06/13 7:15:54 AM

mbam-log-2013-12-06 (07-15-54).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 217021

Time elapsed: 3 hour(s), 21 minute(s), 53 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 4

C:\Temp\InstallServices64.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.

C:\Temp\ScorpionSaver.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.

C:\Windows\System32\AdpeakProxy.dll (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\AdpeakProxy.dll (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.

 

(end)

 

=============================

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-12-2013

Ran by Debbie (administrator) on DEBBIE-DELL on 06-12-2013 12:05:09

Running from C:\Users\Debbie\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe

(Memeo) C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe

(AOL) C:\Program Files (x86)\AOL\DataMask by AOL\epservice.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe

(AOL) C:\Program Files (x86)\AOL\DataMask by AOL\ep.exe

(AOL) C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe

(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Webshots.com) C:\Program Files (x86)\Webshots\3.1.5.7619\Webshots.scr

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe

(Apple Inc.) C:\Program Files (x86)\Safari\Safari.exe

(Apple Inc.) C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)

HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-13] (Dell)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)

HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)

MountPoints2: E - E:\LaunchU3.exe -a

MountPoints2: H - H:\LaunchU3.exe -a

MountPoints2: {056b6265-78ff-11e0-be3b-c44619fd34a2} - E:\AutoRun.exe

MountPoints2: {056b6270-78ff-11e0-be3b-c44619fd34a2} - E:\AutoRun.exe

MountPoints2: {056b627d-78ff-11e0-be3b-c44619fd34a2} - E:\AutoRun.exe

MountPoints2: {097a27df-6baf-11e0-b9c1-c44619fd34a2} - E:\AutoRun.exe

MountPoints2: {097a2803-6baf-11e0-b9c1-c44619fd34a2} - E:\AutoRun.exe

MountPoints2: {2e3ae15a-f82f-11e0-9a34-c44619fd34a2} - "E:\WD SmartWare.exe" autoplay=true

MountPoints2: {3a03f7dd-6df0-11e0-9c28-00038a000015} - E:\AutoRun.exe

MountPoints2: {3a03f7e9-6df0-11e0-9c28-00038a000015} - E:\AutoRun.exe

MountPoints2: {4c86b20b-ea9e-11df-aca7-00038a000015} - "E:\WD SmartWare.exe" autoplay=true

MountPoints2: {a6b050e8-3bac-11e1-9810-c44619fd34a2} - H:\LaunchU3.exe -a

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)

Startup: C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk

ShortcutTarget: Webshots.lnk -> C:\Program Files (x86)\Webshots\3.1.5.7619\Launcher.exe (Webshots.com)

Startup: C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_05648578.lnk

ShortcutTarget: _uninst_05648578.lnk -> C:\Users\Debbie\AppData\Local\Temp\_uninst_05648578.bat (No File)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)

BootExecute: autocheck autochk /p \??\F:autocheck autochk *

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://kolbi.msn.com/?rd=1&ucc=CR&dcc=CR&opt=0

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x760B2275FDECCE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

SearchScopes: HKCU - {907C29F0-1F7C-41DE-B59B-CF7830BD034C} URL =

BHO: DataMask by AOL - {3955aa73-8c60-4a9b-acdb-0c2edb1b6748} - C:\Program Files (x86)\AOL\DataMask by AOL\epbho64.dll (AOL)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

BHO: DataMask by AOL - {ff507020-a257-4527-a222-b6f5732e55ee} - C:\Program Files (x86)\AOL\DataMask by AOL\plbho64.dll (AOL)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Toolbar: HKCU - No Name - {8413196D-E290-4418-B5C6-A3B1379A909C} -  No File

Toolbar: HKCU - No Name - {F999A48B-1950-4D81-9971-79018F807B4B} -  No File

DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File

Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File

Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)

Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default

FF Keyword.URL: user_pref("keyword.URL", "");

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()

FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @update.sentrybay.com/SentryBay Update;version=8 - C:\Program Files (x86)\SentryBay\Update\1.0.0.7621\npSentryBayOneClick8.dll (AOL)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: ScorpionSaver - C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\Extensions\ScorpionSaver@jetpack

FF HKLM\...\Firefox\Extensions: [sss@sentrybay.com] - C:\Program Files (x86)\AOL\DataMask by AOL\ffext

FF Extension: DataMask by AOL - C:\Program Files (x86)\AOL\DataMask by AOL\ffext

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF HKLM-x32\...\Firefox\Extensions: [sss@sentrybay.com] - C:\Program Files (x86)\AOL\DataMask by AOL\ffext

FF Extension: DataMask by AOL - C:\Program Files (x86)\AOL\DataMask by AOL\ffext

FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

 

Chrome:

=======

CHR HKLM-x32\...\Chrome\Extension: [bjaehcnihbogidpfieaepehilfecnodk] - C:\Program Files (x86)\AOL\DataMask by AOL\phishlock.crx

CHR HKLM-x32\...\Chrome\Extension: [kochbcmingebnmbcpbbpfpmipakoipge] - C:\Program Files (x86)\AOL\DataMask by AOL\phishlock.crx

 

==================== Services (Whitelisted) =================

 

R2 EntryProtect; C:\Program Files (x86)\AOL\DataMask by AOL\epservice.exe [45896 2013-04-30] (AOL)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)

S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 MemeoBackgroundService; C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [25824 2009-11-12] (Memeo)

R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.)

S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

S4 sbupdate; C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe [129904 2012-05-26] (AOL)

S4 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [118272 2008-07-24] (WDC)

R2 WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [1978256 2011-08-01] (Western Digital )

R2 WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [1338256 2011-08-01] (Western Digital )

S4 XAudioService; C:\Windows\system32\DRIVERS\ACFXAU64.exe [410624 2007-05-09] (Conexant Systems, Inc.)

S4 AGCoreService; "C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe" [x]

S2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [x]

S2 vToolbarUpdater17.1.3; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [x]

U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\   \...\???\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

 

==================== Drivers (Whitelisted) ====================

 

S3 acfva; C:\Windows\System32\DRIVERS\ACFVA64.sys [121856 2007-04-26] (Conexant Systems Inc.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-21] (AVG Technologies)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.)

S3 dgcfltr; C:\Windows\System32\DRIVERS\ACFDCP64.sys [35200 2007-05-09] (Conexant Systems, Inc.)

R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-09-17] (EldoS Corporation)

R3 epfilter; C:\Windows\system32\drivers\epfilter.sys [21312 2013-08-12] (SentryBay)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)

S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)

R2 mdmxsdk; C:\Windows\System32\DRIVERS\ACFSDK64.sys [17024 2007-03-15] (Conexant)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.)

R3 SaiH8000; C:\Windows\System32\DRIVERS\SaiH8000.sys [178560 2008-04-04] (Saitek)

S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-12-06] ()

R2 XAudio; C:\Windows\System32\DRIVERS\ACFXAU64.sys [10240 2007-05-09] (Conexant Systems, Inc.)

U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)

S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-06 12:05 - 2013-12-06 12:06 - 00018654 _____ C:\Users\Debbie\Downloads\FRST.txt

2013-12-06 12:05 - 2013-12-06 12:05 - 00000000 ____D C:\FRST

2013-12-06 12:04 - 2013-12-06 12:04 - 01925820 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64.exe

2013-12-06 01:37 - 2013-12-06 11:11 - 00000112 _____ C:\Windows\setupact.log

2013-12-06 01:37 - 2013-12-06 01:37 - 00000000 _____ C:\Windows\setuperr.log

2013-12-06 01:36 - 2013-12-06 01:36 - 00003544 ____N C:\bootsqm.dat

2013-12-05 23:02 - 2013-12-06 06:15 - 00000000 ____D C:\Users\Debbie\Desktop\Scorpion Forum clean up reports

2013-12-05 08:25 - 2013-12-05 08:25 - 00024210 _____ C:\Users\Debbie\Desktop\DDS -- from dds.scr download 2nd page.txt

2013-12-05 08:21 - 2013-12-05 08:21 - 00014403 _____ C:\Users\Debbie\Desktop\Attach - from dds.scr download.txt

2013-12-05 08:18 - 2013-12-05 08:18 - 00014403 _____ C:\Users\Debbie\Desktop\attach.txt

2013-12-05 08:15 - 2013-12-05 08:15 - 00688992 ____R (Swearware) C:\Users\Debbie\Downloads\dds.scr

2013-12-03 22:59 - 2013-12-03 22:59 - 00002722 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task

2013-12-03 22:55 - 2013-12-03 22:55 - 05162600 _____ (ParetoLogic, Inc.) C:\Users\Debbie\Downloads\Repair-tool.exe

2013-12-03 21:35 - 2013-12-03 21:37 - 22791896 _____ (Microsoft Corporation) C:\Users\Debbie\Downloads\Windows-KB890830-x64-V5.6.exe

2013-12-03 17:59 - 2013-12-03 18:49 - 00000000 ____D C:\Users\Debbie\Downloads\myuninst

2013-12-03 17:58 - 2013-12-03 17:58 - 00046124 _____ C:\Users\Debbie\Downloads\myuninst.zip

2013-12-03 16:14 - 2013-12-03 16:19 - 00015066 _____ C:\Users\Debbie\Downloads\SystemLook.txt

2013-12-03 14:26 - 2013-12-03 14:26 - 00000000 ____D C:\_OTM

2013-12-03 14:11 - 2013-12-03 14:11 - 00522240 _____ (OldTimer Tools) C:\Users\Debbie\Downloads\OTM.exe

2013-12-03 13:53 - 2013-12-06 06:47 - 00000000 ____D C:\Users\Debbie\Desktop\Virus instructions

2013-12-03 12:42 - 2013-12-03 12:42 - 00165376 _____ C:\Users\Debbie\Downloads\SystemLook_x64.exe

2013-12-03 12:32 - 2013-12-03 12:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-12-03 12:32 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-12-03 12:29 - 2013-12-03 12:30 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Debbie\Downloads\mbam-setup-1-1.75.0.1300.exe

2013-12-03 11:28 - 2013-12-05 23:04 - 00000000 ____D C:\AdwCleaner

2013-12-03 11:27 - 2013-12-03 11:27 - 01110034 _____ C:\Users\Debbie\Downloads\AdwCleaner.exe

2013-12-03 11:07 - 2013-12-03 11:07 - 00000000 ____D C:\Program Files (x86)\VS Revo Group

2013-12-03 10:19 - 2013-12-06 11:19 - 00001846 _____ C:\Users\Public\Desktop\McAfee Security Center.lnk

2013-12-03 10:19 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys

2013-12-03 10:18 - 2013-12-03 10:18 - 00000000 ____D C:\Program Files (x86)\McAfee.com

2013-12-03 10:17 - 2013-12-06 01:37 - 00000000 ____D C:\Program Files (x86)\McAfee

2013-12-03 10:17 - 2013-12-03 10:17 - 00000000 ____D C:\Program Files\McAfee.com

2013-12-03 09:36 - 2013-11-04 16:46 - 00182752 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe

2013-12-03 09:26 - 2013-12-03 09:36 - 05131824 _____ (McAfee, Inc.) C:\Users\Debbie\Downloads\McAfeeSetup-Serial.exe

2013-12-02 20:39 - 2013-12-02 20:44 - 00023235 _____ C:\Users\Debbie\Desktop\Oct - Dec 2014 BCR stmt.xlsx

2013-12-01 21:47 - 2013-12-02 12:56 - 00000000 ____D C:\Users\Debbie\Desktop\Eye

2013-11-29 00:25 - 2013-11-29 00:25 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Malwarebytes

2013-11-29 00:25 - 2013-11-29 00:25 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-11-29 00:22 - 2013-11-29 00:23 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Debbie\Downloads\mbam-setup-1.75.0.1300.exe

2013-11-28 23:22 - 2013-11-28 23:22 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\McAFee TechCheck

2013-11-28 23:20 - 2013-11-28 23:24 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\TechCheck

2013-11-28 23:20 - 2000-05-22 01:00 - 00244416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msflxgrd.ocx

2013-11-28 23:20 - 2000-05-22 01:00 - 00203976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX

2013-11-28 15:53 - 2013-12-02 18:36 - 00022825 _____ C:\Users\Debbie\Desktop\Monthly Payment Schedule 11-28-13.xlsx

2013-11-28 09:50 - 2013-12-03 10:18 - 00000000 ____D C:\Program Files\Common Files\McAfee

2013-11-28 09:24 - 2013-11-28 09:31 - 00000000 ____D C:\Program Files\stinger

2013-11-28 06:27 - 2013-11-28 06:27 - 00002004 _____ C:\Users\Debbie\Desktop\Workout List 8-7-13 - Shortcut.lnk

2013-11-27 21:51 - 2013-11-27 21:53 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-11-27 21:51 - 2013-11-27 21:52 - 00000000 ____D C:\Program Files\iTunes

2013-11-27 21:51 - 2013-11-27 21:52 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-11-27 21:51 - 2013-11-27 21:51 - 00000000 ____D C:\Program Files\iPod

2013-11-27 20:10 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll

2013-11-27 17:04 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE

2013-11-27 17:01 - 2013-11-27 17:01 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-11-27 17:01 - 2013-11-27 17:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-11-27 17:01 - 2013-11-27 17:01 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-11-27 17:01 - 2013-11-27 17:01 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-11-27 17:01 - 2013-11-27 17:01 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-11-27 17:01 - 2013-11-27 17:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2013-11-27 17:01 - 2013-11-27 17:01 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2013-11-27 17:01 - 2013-11-27 17:01 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-11-27 17:01 - 2013-11-27 17:01 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2013-11-27 17:01 - 2013-11-27 17:01 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-11-27 17:01 - 2013-11-27 17:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2013-11-27 16:58 - 2013-11-27 17:04 - 00007514 _____ C:\Windows\IE11_main.log

2013-11-27 16:52 - 2013-11-27 16:52 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-11-27 16:52 - 2013-11-27 16:52 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-11-25 22:20 - 2013-11-25 22:20 - 00006148 ____H C:\Users\Public\.DS_Store

2013-11-19 16:35 - 2013-11-27 08:02 - 00002429 _____ C:\Users\Debbie\Desktop\Scott's Weight - Shortcut.lnk

2013-11-15 13:51 - 2013-11-15 13:58 - 00000000 ____D C:\bbc32f117dc597ff11b76deb

2013-11-14 20:49 - 2013-10-05 14:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-11-14 20:49 - 2013-10-05 13:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-11-14 20:49 - 2013-10-03 20:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll

2013-11-14 20:49 - 2013-10-03 20:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll

2013-11-14 20:49 - 2013-10-03 20:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2013-11-14 20:49 - 2013-10-03 19:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll

2013-11-14 20:49 - 2013-10-03 19:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-11-14 20:49 - 2013-10-03 19:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll

2013-11-14 20:49 - 2013-09-27 19:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-11-14 20:48 - 2013-10-11 20:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll

2013-11-14 20:48 - 2013-10-11 20:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2013-11-14 20:48 - 2013-10-11 20:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

2013-11-14 20:48 - 2013-10-11 20:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll

2013-11-14 20:48 - 2013-10-11 20:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL

2013-11-14 20:48 - 2013-10-02 20:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2013-11-14 20:48 - 2013-10-02 20:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2013-11-14 20:48 - 2013-09-24 20:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2013-11-14 20:48 - 2013-09-24 20:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2013-11-14 20:48 - 2013-09-24 20:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2013-11-14 20:48 - 2013-09-24 20:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2013-11-14 20:48 - 2013-09-24 20:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2013-11-14 20:48 - 2013-09-24 20:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2013-11-14 20:48 - 2013-09-24 20:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2013-11-14 20:48 - 2013-09-24 20:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2013-11-14 20:48 - 2013-09-24 19:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2013-11-14 20:48 - 2013-09-24 19:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2013-11-14 20:48 - 2013-09-24 19:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2013-11-14 20:48 - 2013-09-24 19:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2013-11-14 20:48 - 2013-09-24 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2013-11-14 20:48 - 2013-07-04 06:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2014-09-26 09:28 - 2011-03-26 10:05 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher

2014-09-26 09:12 - 2011-03-26 10:05 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job

2014-09-26 09:07 - 2011-03-26 10:05 - 00003456 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest

2014-09-26 08:57 - 2011-03-26 10:05 - 00004276 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask

2013-12-06 12:06 - 2013-12-06 12:05 - 00018654 _____ C:\Users\Debbie\Downloads\FRST.txt

2013-12-06 12:05 - 2013-12-06 12:05 - 00000000 ____D C:\FRST

2013-12-06 12:04 - 2013-12-06 12:04 - 01925820 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64.exe

2013-12-06 12:02 - 2012-05-26 22:57 - 00000892 _____ C:\Windows\Tasks\SentryBayUpdateTaskMachineUA.job

2013-12-06 11:31 - 2012-04-09 23:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-12-06 11:24 - 2011-10-02 00:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-12-06 11:22 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-12-06 11:22 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-12-06 11:19 - 2013-12-03 10:19 - 00001846 _____ C:\Users\Public\Desktop\McAfee Security Center.lnk

2013-12-06 11:19 - 2009-07-13 23:10 - 02020452 _____ C:\Windows\WindowsUpdate.log

2013-12-06 11:16 - 2013-10-28 21:27 - 00002848 _____ C:\Windows\System32\Tasks\DriverUpdate Startup

2013-12-06 11:16 - 2013-10-28 21:27 - 00000420 _____ C:\Windows\Tasks\DriverUpdate Startup.job

2013-12-06 11:14 - 2013-10-28 21:27 - 00016152 _____ C:\Windows\system32\Drivers\SWDUMon.sys

2013-12-06 11:14 - 2011-10-02 00:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-12-06 11:14 - 2010-09-02 22:31 - 00000000 ____D C:\Users\Debbie\AppData\Local\SoftThinks

2013-12-06 11:14 - 2010-07-12 18:50 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks

2013-12-06 11:14 - 2010-07-12 18:50 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks

2013-12-06 11:14 - 2010-07-12 18:34 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup

2013-12-06 11:13 - 2012-05-26 22:57 - 00000888 _____ C:\Windows\Tasks\SentryBayUpdateTaskMachineCore.job

2013-12-06 11:11 - 2013-12-06 01:37 - 00000112 _____ C:\Windows\setupact.log

2013-12-06 11:11 - 2011-04-23 15:18 - 00065536 _____ C:\Windows\system32\Ikeext.etl

2013-12-06 11:11 - 2010-07-12 20:00 - 00357066 _____ C:\Windows\PFRO.log

2013-12-06 11:11 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-12-06 06:47 - 2013-12-03 13:53 - 00000000 ____D C:\Users\Debbie\Desktop\Virus instructions

2013-12-06 06:15 - 2013-12-05 23:02 - 00000000 ____D C:\Users\Debbie\Desktop\Scorpion Forum clean up reports

2013-12-06 01:37 - 2013-12-06 01:37 - 00000000 _____ C:\Windows\setuperr.log

2013-12-06 01:37 - 2013-12-03 10:17 - 00000000 ____D C:\Program Files (x86)\McAfee

2013-12-06 01:36 - 2013-12-06 01:36 - 00003544 ____N C:\bootsqm.dat

2013-12-05 23:05 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\tracing

2013-12-05 23:04 - 2013-12-03 11:28 - 00000000 ____D C:\AdwCleaner

2013-12-05 22:52 - 2012-04-19 12:37 - 00000000 ____D C:\Users\Debbie\AppData\Local\BCE66ED4-FCC7-4397-B8C3-53BA4963CEE9.aplzod

2013-12-05 08:25 - 2013-12-05 08:25 - 00024210 _____ C:\Users\Debbie\Desktop\DDS -- from dds.scr download 2nd page.txt

2013-12-05 08:21 - 2013-12-05 08:21 - 00014403 _____ C:\Users\Debbie\Desktop\Attach - from dds.scr download.txt

2013-12-05 08:18 - 2013-12-05 08:18 - 00014403 _____ C:\Users\Debbie\Desktop\attach.txt

2013-12-05 08:15 - 2013-12-05 08:15 - 00688992 ____R (Swearware) C:\Users\Debbie\Downloads\dds.scr

2013-12-05 07:40 - 2013-07-05 08:09 - 00000000 ____D C:\Users\Debbie\Desktop\Photos

2013-12-04 09:40 - 2009-07-13 23:13 - 00852936 _____ C:\Windows\system32\PerfStringBackup.INI

2013-12-03 22:59 - 2013-12-03 22:59 - 00002722 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task

2013-12-03 22:55 - 2013-12-03 22:55 - 05162600 _____ (ParetoLogic, Inc.) C:\Users\Debbie\Downloads\Repair-tool.exe

2013-12-03 21:55 - 2011-05-12 15:48 - 00018527 _____ C:\Users\Debbie\Desktop\To buy-bring to CR.xlsx

2013-12-03 21:37 - 2013-12-03 21:35 - 22791896 _____ (Microsoft Corporation) C:\Users\Debbie\Downloads\Windows-KB890830-x64-V5.6.exe

2013-12-03 21:24 - 2011-10-03 02:13 - 00000000 ___RD C:\Users\Debbie\Dropbox

2013-12-03 21:24 - 2011-10-03 02:09 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Dropbox

2013-12-03 18:49 - 2013-12-03 17:59 - 00000000 ____D C:\Users\Debbie\Downloads\myuninst

2013-12-03 17:58 - 2013-12-03 17:58 - 00046124 _____ C:\Users\Debbie\Downloads\myuninst.zip

2013-12-03 16:19 - 2013-12-03 16:14 - 00015066 _____ C:\Users\Debbie\Downloads\SystemLook.txt

2013-12-03 15:34 - 2012-08-21 13:52 - 00000000 ____D C:\ProgramData\McAfee

2013-12-03 14:26 - 2013-12-03 14:26 - 00000000 ____D C:\_OTM

2013-12-03 14:11 - 2013-12-03 14:11 - 00522240 _____ (OldTimer Tools) C:\Users\Debbie\Downloads\OTM.exe

2013-12-03 12:50 - 2011-02-12 00:07 - 00000000 ____D C:\Program Files (x86)\Safari

2013-12-03 12:42 - 2013-12-03 12:42 - 00165376 _____ C:\Users\Debbie\Downloads\SystemLook_x64.exe

2013-12-03 12:33 - 2013-12-03 12:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-12-03 12:30 - 2013-12-03 12:29 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Debbie\Downloads\mbam-setup-1-1.75.0.1300.exe

2013-12-03 11:27 - 2013-12-03 11:27 - 01110034 _____ C:\Users\Debbie\Downloads\AdwCleaner.exe

2013-12-03 11:07 - 2013-12-03 11:07 - 00000000 ____D C:\Program Files (x86)\VS Revo Group

2013-12-03 10:19 - 2013-10-08 23:57 - 00000000 ____D C:\Program Files\McAfee

2013-12-03 10:18 - 2013-12-03 10:18 - 00000000 ____D C:\Program Files (x86)\McAfee.com

2013-12-03 10:18 - 2013-11-28 09:50 - 00000000 ____D C:\Program Files\Common Files\McAfee

2013-12-03 10:17 - 2013-12-03 10:17 - 00000000 ____D C:\Program Files\McAfee.com

2013-12-03 09:36 - 2013-12-03 09:26 - 05131824 _____ (McAfee, Inc.) C:\Users\Debbie\Downloads\McAfeeSetup-Serial.exe

2013-12-02 22:23 - 2010-09-04 04:25 - 00000000 ___SD C:\Users\Debbie\Documents\My ScanSnap

2013-12-02 20:44 - 2013-12-02 20:39 - 00023235 _____ C:\Users\Debbie\Desktop\Oct - Dec 2014 BCR stmt.xlsx

2013-12-02 19:52 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF

2013-12-02 18:36 - 2013-11-28 15:53 - 00022825 _____ C:\Users\Debbie\Desktop\Monthly Payment Schedule 11-28-13.xlsx

2013-12-02 18:36 - 2013-10-10 14:10 - 00012174 _____ C:\Users\Debbie\Desktop\Jolani - Kathy & Greg Rental.xlsx

2013-12-02 12:56 - 2013-12-01 21:47 - 00000000 ____D C:\Users\Debbie\Desktop\Eye

2013-11-29 22:43 - 2009-08-20 03:09 - 00052224 _____ C:\Users\Debbie\Desktop\Nov. 25 - Dec. 1 , 2013 weekly schedule.xls

2013-11-29 16:54 - 2013-09-29 21:28 - 00000000 ____D C:\Users\Debbie\Desktop\Rental Statements

2013-11-29 13:17 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache

2013-11-29 10:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-11-29 08:19 - 2010-09-04 16:48 - 00842006 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-11-29 00:32 - 2013-10-22 00:17 - 00000095 _____ C:\Users\Debbie\AppData\Roaming\WB.CFG

2013-11-29 00:32 - 2009-08-20 00:17 - 00000006 _____ C:\Users\Debbie\AppData\Roaming\WBPU-TTL.DAT

2013-11-29 00:25 - 2013-11-29 00:25 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Malwarebytes

2013-11-29 00:25 - 2013-11-29 00:25 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-11-29 00:23 - 2013-11-29 00:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Debbie\Downloads\mbam-setup-1.75.0.1300.exe

2013-11-28 23:24 - 2013-11-28 23:20 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\TechCheck

2013-11-28 23:22 - 2013-11-28 23:22 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\McAFee TechCheck

2013-11-28 09:31 - 2013-11-28 09:24 - 00000000 ____D C:\Program Files\stinger

2013-11-28 06:27 - 2013-11-28 06:27 - 00002004 _____ C:\Users\Debbie\Desktop\Workout List 8-7-13 - Shortcut.lnk

2013-11-27 21:53 - 2013-11-27 21:51 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-11-27 21:52 - 2013-11-27 21:51 - 00000000 ____D C:\Program Files\iTunes

2013-11-27 21:52 - 2013-11-27 21:51 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-11-27 21:51 - 2013-11-27 21:51 - 00000000 ____D C:\Program Files\iPod

2013-11-27 21:35 - 2010-09-02 22:31 - 00000000 ___RD C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-11-27 19:03 - 2010-09-02 22:37 - 00001415 _____ C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-11-27 17:04 - 2013-11-27 16:58 - 00007514 _____ C:\Windows\IE11_main.log

2013-11-27 17:01 - 2013-11-27 17:01 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-11-27 17:01 - 2013-11-27 17:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-11-27 17:01 - 2013-11-27 17:01 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-11-27 17:01 - 2013-11-27 17:01 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-11-27 17:01 - 2013-11-27 17:01 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-11-27 17:01 - 2013-11-27 17:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2013-11-27 17:01 - 2013-11-27 17:01 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2013-11-27 17:01 - 2013-11-27 17:01 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-11-27 17:01 - 2013-11-27 17:01 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2013-11-27 17:01 - 2013-11-27 17:01 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-11-27 17:01 - 2013-11-27 17:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-11-27 17:01 - 2013-11-27 17:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-11-27 17:01 - 2013-11-27 17:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2013-11-27 16:52 - 2013-11-27 16:52 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-11-27 16:52 - 2013-11-27 16:52 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-11-27 16:52 - 2012-03-14 12:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-11-27 16:52 - 2012-03-14 12:02 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-11-27 16:52 - 2010-07-12 18:08 - 00000000 ____D C:\Program Files (x86)\Java

2013-11-27 16:49 - 2010-09-03 00:50 - 00000000 ____D C:\ProgramData\Skype

2013-11-27 16:44 - 2012-04-09 23:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-11-27 16:44 - 2012-04-09 23:46 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-11-27 16:44 - 2012-03-14 15:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-11-27 14:38 - 2013-05-02 23:28 - 00000000 ____D C:\Users\Debbie\Desktop\Airline Tickets used - refunded

2013-11-27 08:02 - 2013-11-19 16:35 - 00002429 _____ C:\Users\Debbie\Desktop\Scott's Weight - Shortcut.lnk

2013-11-25 22:20 - 2013-11-25 22:20 - 00006148 ____H C:\Users\Public\.DS_Store

2013-11-21 06:52 - 2013-10-21 23:15 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

2013-11-19 21:25 - 2013-09-18 01:20 - 00000000 ____D C:\Users\Debbie\Desktop\CDSP Troy Mac servers

2013-11-19 19:21 - 2013-05-28 21:09 - 00013184 _____ C:\Users\Debbie\Desktop\Apple shortcuts.xlsx

2013-11-19 13:50 - 2009-07-13 22:54 - 00000749 ___RH C:\Windows\WindowsShell.Manifest

2013-11-19 13:50 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Public\Libraries

2013-11-18 13:41 - 2009-07-13 20:34 - 00000608 _____ C:\Windows\win.ini

2013-11-18 12:08 - 2013-08-07 21:53 - 00007545 _____ C:\Windows\LkmdfCoInst.log

2013-11-18 12:07 - 2013-08-07 21:53 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys

2013-11-15 14:32 - 2010-09-03 11:16 - 00000000 ____D C:\Users\Debbie\AppData\Local\Adobe

2013-11-15 14:00 - 2010-09-04 09:01 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-11-15 13:58 - 2013-11-15 13:51 - 00000000 ____D C:\bbc32f117dc597ff11b76deb

2013-11-15 13:58 - 2013-07-31 05:01 - 00000000 ____D C:\Windows\system32\MRT

2013-11-07 16:00 - 2010-09-04 18:05 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

ZeroAccess:

C:\Users\Debbie\AppData\Local\Google\Desktop\Install

ZeroAccess:

C:\Program Files (x86)\Google\Desktop\Install

 

Some content of TEMP:

====================

C:\Users\Debbie\AppData\Local\Temp\dhddur7u.dll

C:\Users\Debbie\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

 

 

LastRegBack: 2013-11-30 07:56

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2013


Ran by Debbie at 2013-12-06 12:06:54


Running from C:\Users\Debbie\Downloads


Boot Mode: Normal


==========================================================


 


 


==================== Security Center ========================


 


AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}


AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}


AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}


 


==================== Installed Programs ======================


 


 Update for Microsoft Office 2007 (KB2508958) (x32)


4500_G510gm_Help (x32 Version: 000.0.439.000)


4500_G510nz_Help (x32 Version: 000.0.439.000)


4500G510gm (x32 Version: 000.0.423.000)


4500G510gm_Software_Min (x32 Version: 000.0.423.000)


4500G510nz (x32 Version: 000.0.439.000)


4500G510nz_Software_Min (x32 Version: 000.0.423.000)


64 Bit HP CIO Components Installer (Version: 7.2.8)


ABBYY FineReader for ScanSnap 4.0 (x32 Version: 8.00.245.56422)


Adobe AIR (x32 Version: 2.7.1.19610)


Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.152)


Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)


Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)


Advanced Audio FX Engine (x32 Version: 1.12.05)


AirPort (x32 Version: 5.6.1.2)


AOL Uninstaller (Choose which Products to Remove) (x32)


Apple Application Support (x32 Version: 2.3.6)


Apple Mobile Device Support (Version: 7.0.0.117)


Apple Software Update (x32 Version: 2.1.3.127)


Banctec Service Agreement (x32 Version: 2.0.0)


Bonjour (Version: 3.0.0.10)


Bonjour Print Services (Version: 2.0.2.0)


BufferChm (x32 Version: 130.0.331.000)


Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1)


CameraHelperMsi (x32 Version: 13.25.1010.0)


CardMinder (x32 Version: V4.0L11)


CardMinder V4.0 (x32 Version: 4.0.11.1)


Conexant USB D400 V.92 Modem (Version: 2.0.12.50)


Consumer In-Home Service Agreement (x32 Version: 2.0.0)


Cozi (x32 Version: 1.0.4323.24051)


Crystal Reports Basic Runtime for Visual Studio 2008 (x32 Version: 10.5.2.0)


D3DX10 (x32 Version: 15.4.2368.0902)


Data Lifeguard Diagnostic for Windows (x32 Version: 1.13)


DataMask by AOL (x32 Version: 5.6.0.8734)


Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.60)


Dell DataSafe Local Backup (x32 Version: 9.4.60)


Dell DataSafe Online (x32 Version: 1.2.0009)


Dell Dock (Version: 2.0.0)


Dell Driver Download Manager (HKCU Version: 2.1.0.0)


Dell Edoc Viewer (Version: 1.0.0)


Dell Getting Started Guide (x32 Version: 1.00.0000)


Dell Support Center (Version: 3.0.5744.02)


Dell Webcam Central (x32 Version: 1.40.05)


Destinations (x32 Version: 130.0.0.0)


DeviceDiscovery (x32 Version: 130.0.372.000)


DocMgr (x32 Version: 130.0.000.000)


DocProc (x32 Version: 13.0.0.0)


Documents To Go Desktop for iPhone (x32 Version: 2.0000.006)


DriverUpdate (x32 Version: 2.2.30452)


Dropbox (HKCU Version: 2.0.22)


DW WLAN Card (Version: 5.60.48.35)


EDDI-7 (x32 Version: 1.2.0)


eReg (x32 Version: 1.20.138.34)


Fax (x32 Version: 130.0.418.000)


Google Toolbar for Internet Explorer (x32 Version: 1.0.0)


Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)


Google Update Helper (x32 Version: 1.3.21.165)


GPBaseService2 (x32 Version: 130.0.371.000)


HP Customer Participation Program 13.0 (Version: 13.0)


hp deskjet 5550 series (Remove only) (x32)


HP Document Manager 2.0 (Version: 2.0)


HP Imaging Device Functions 13.0 (Version: 13.0)


HP Officejet 4500 G510g-m (Version: 13.0)


HP Officejet 4500 G510n-z (Version: 13.0)


hp print screen utility (x32)


HP Smart Web Printing 4.5 (Version: 4.5)


HP Solution Center 13.0 (Version: 13.0)


HP Update (x32 Version: 4.000.011.006)


HPProductAssistant (x32 Version: 130.0.371.000)


iCloud (Version: 2.1.1.3)


Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2097)


Intel® Management Engine Components (x32 Version: 6.0.0.1179)


iPhone Configuration Utility (x32 Version: 3.6.2.300)


IrfanView (remove only) (x32 Version: 4.27)


iTunes (Version: 11.1.3.8)


Java 7 Update 45 (x32 Version: 7.0.450)


Java Auto Updater (x32 Version: 2.1.9.8)


Java 6 Update 31 (x32 Version: 6.0.310)


Junk Mail filter update (x32 Version: 15.4.3502.0922)


Logitech SetPoint 6.61 (Version: 6.61.15)


Logitech Unifying Software 2.10 (Version: 2.10.37)


Logitech Vid HD (x32 Version: 7.2 (7248))


Logitech Webcam Software (x32 Version: 2.0)


LoJack Factory Installer (x32 Version: 1.0.0)


LWS Facebook (x32 Version: 13.20.1166.0)


LWS Gallery (x32 Version: 13.20.1166.0)


LWS Help_main (x32 Version: 13.25.1016.0)


LWS Launcher (x32 Version: 13.20.1166.0)


LWS Motion Detection (x32 Version: 13.20.1176.0)


LWS Pictures And Video (x32 Version: 13.25.1010.0)


LWS Twitter (x32 Version: 13.20.1166.0)


LWS Video Mask Maker (x32 Version: 13.10.1216.0)


LWS VideoEffects (Version: 13.25.1005.0)


LWS Webcam Software (x32 Version: 13.20.1168.0)


LWS WLM Plugin (x32 Version: 1.20.1166.0)


LWS YouTube Plugin (x32 Version: 13.20.1166.0)


Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)


MarketResearch (x32 Version: 130.0.374.000)


McAfee SecurityCenter (x32 Version: 12.8.856)


Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)


Microsoft Application Error Reporting (Version: 12.0.6015.5000)


Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)


Microsoft Office 2000 Professional (x32 Version: 9.00.2720)


Microsoft Office 2003 Web Components (x32 Version: 11.0.8173.0)


Microsoft Office 2007 Primary Interop Assemblies (x32 Version: 12.0.4518.1014)


Microsoft Office 2007 Service Pack 3 (SP3) (x32)


Microsoft Office 2010 (x32 Version: 14.0.4763.1000)


Microsoft Office Accounting 2008 (x32 Version: 3.0.8627.1)


Microsoft Office Accounting 2008 Equifax Addin (x32 Version: 3.0.8231.0)


Microsoft Office Accounting 2008 Fixed Asset Manager (x32 Version: 3.0.8231.0)


Microsoft Office Accounting 2008 PayPal Addin (x32 Version: 3.0.8231.0)


Microsoft Office Accounting ADP Payroll Addin (x32 Version: 0.0.0.0)


Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)


Microsoft Office Live Meeting 2007 (x32 Version: 8.0.6362.201)


Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)


Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)


Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)


Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)


Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)


Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)


Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)


Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)


Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)


Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)


Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)


Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)


Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)


Microsoft Office Small Business 2007 (x32 Version: 12.0.6612.1000)


Microsoft Office Small Business Connectivity Components (x32 Version: 2.0.7024.0)


Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)


Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0)


Microsoft Silverlight (Version: 5.1.20913.0)


Microsoft SQL Server 2005 (x32)


Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)


Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (x32 Version: 9.4.5000.00)


Microsoft SQL Server 2005 Tools Express Edition (x32 Version: 9.4.5000.00)


Microsoft SQL Server Native Client (Version: 9.00.5000.00)


Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.5000.00)


Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)


Microsoft VC9 runtime libraries (x32 Version: 1.0.0)


Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)


Microsoft Visual C++ 2005 Redistributable - KB2467175 (x32 Version: 8.0.51011)


Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.58299)


Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)


Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)


Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)


Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)


Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)


Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)


Mobile Partner (x32 Version: 11.302.09.05.540)


MSVCRT (x32 Version: 15.4.2862.0708)


MSVCRT_amd64 (x32 Version: 15.4.2862.0708)


MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)


MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)


Network64 (Version: 130.0.374.000)


Network64 (Version: 140.0.221.000)


OCR Software by I.R.I.S. 13.0 (Version: 13.0)


PowerDVD DX (x32 Version: 8.3.6029)


Quickset64 (Version: 10.5.1)


QuickTime (x32 Version: 7.74.80.86)


Realtek High Definition Audio Driver (x32 Version: 6.0.1.6039)


Revo Uninstaller 1.95 (x32 Version: 1.95)


Rosetta Stone Version 3 (x32 Version: 3.4.5.0)


Roxio Burn (x32 Version: 1.01)


RTC Client API v1.2 (x32 Version: 1.2.0000)


Safari (x32 Version: 5.34.57.2)


Scan (x32 Version: 13.0.0.0)


Scan to Microsoft SharePoint (x32 Version: 3.3.4)


ScanSnap (x32 Version: 5.0.12.4)


ScanSnap (x32 Version: 5.1.41.1)


ScanSnap Manager (x32 Version: V5.1L41)


SentryBay Update Helper (x32 Version: 1.0.0.7621)


Shared C Run-time for x64 (Version: 10.0.0)


Skype™ 6.3 (x32 Version: 6.3.105)


SmartWebPrinting (x32 Version: 130.0.373.000)


SolutionCenter (x32 Version: 130.0.373.000)


Status (x32 Version: 130.0.373.000)


Synaptics Pointing Device Driver (Version: 14.0.15.0)


System Checkup 3.4 (x32 Version: 3.4.0.47)


Toolbox (x32 Version: 130.0.648.000)


TrayApp (x32 Version: 130.0.376.000)


Uninstall AOL Emergency Connect Utility 1.0 (x32)


Update for 2007 Microsoft Office System (KB967642) (x32)


Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)


Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)


Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)


Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)


Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)


Update for Microsoft Office Excel 2007 Help (KB963678) (x32)


Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)


Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)


Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (x32)


Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)


Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)


Update for Microsoft Office Script Editor Help (KB963671) (x32)


Update for Microsoft Office Word 2007 Help (KB963665) (x32)


WD Anywhere Backup (x32)


WD Drive Manager (x64) (Version: 2.107)


WD SmartWare (Version: 1.2.0.8)


WD SmartWare (Version: 1.5.1)


WebReg (x32 Version: 130.0.132.017)


Webshots Desktop (x32 Version: 3.1.5.7619)


WIDCOMM Bluetooth Software (Version: 6.2.0.9600)


Windows Live Communications Platform (x32 Version: 15.4.3502.0922)


Windows Live Essentials (x32 Version: 15.4.3502.0922)


Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)


Windows Live Installer (x32 Version: 15.4.3502.0922)


Windows Live Language Selector (Version: 15.4.3502.0922)


Windows Live Mail (x32 Version: 15.4.3502.0922)


Windows Live Messenger (x32 Version: 15.4.3502.0922)


Windows Live MIME IFilter (Version: 15.4.3502.0922)


Windows Live Movie Maker (x32 Version: 15.4.3502.0922)


Windows Live Photo Common (x32 Version: 15.4.3502.0922)


Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)


Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)


Windows Live SOXE (x32 Version: 15.4.3502.0922)


Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)


Windows Live Sync (x32 Version: 14.0.8089.726)


Windows Live UX Platform (x32 Version: 15.4.3502.0922)


Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)


Windows Live Writer (x32 Version: 15.4.3502.0922)


Windows Live Writer Resources (x32 Version: 15.4.3502.0922)


Windows Migration Assistant (x32 Version: 1.0.1.3)


Yahoo! Messenger (x32)


Zip Extractor Packages (HKCU)


 


==================== Restore Points  =========================


 


27-11-2013 22:38:36 McAfee Vulnerability Scanner


27-11-2013 22:57:37 Windows Update


28-11-2013 03:45:03 Installed iTunes


29-11-2013 12:17:55 Removed ScorpionSaver Services


29-11-2013 14:14:47 Windows Update


29-11-2013 15:55:45 Installed Microsoft Fix it 50123


03-12-2013 17:14:15 Revo Uninstaller's restore point - ScorpionSaver


03-12-2013 17:14:57 Removed ScorpionSaver


03-12-2013 17:19:02 Revo Uninstaller's restore point - ScorpionSaver


04-12-2013 05:17:06 Revo Uninstaller's restore point - RegCure Pro


 


==================== Hosts content: ==========================


 


2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


 


==================== Scheduled Tasks (whitelisted) =============


 


Task: {2161D5C8-6CA9-4ADD-8150-763C11992774} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe


Task: {2527672F-FEB4-4073-A047-781C8A544017} - System32\Tasks\{8A7F67A0-535A-4BC4-870D-FFE13D0748DC} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)


Task: {525791B2-85E9-4366-8094-C1F906EFEA94} - System32\Tasks\SentryBayUpdateTaskMachineUA => C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe [2012-05-26] (AOL)


Task: {63860A29-97EE-4AB6-AC7E-02C828E64A18} - System32\Tasks\SentryBayUpdateTaskMachineCore => C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe [2012-05-26] (AOL)


Task: {6AB51355-9681-4926-BEC4-2C9CEA1918D6} - System32\Tasks\LoJack for Laptops Install => C:\Program Files (x86)\Absolute Software\LoJack Install\FactoryInstaller.exe [2009-11-26] (Absolute Software)


Task: {6DC3EF15-1FAA-4F71-9F95-3769662369B9} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2010-11-18] (PC-Doctor, Inc.)


Task: {759191FC-F8DB-48C4-BBA1-F5D48DD0DCE7} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2013-06-22] (SlimWare Utilities, Inc.)


Task: {7F874E8C-AD73-485B-BF3B-45029D96E2D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-27] (Adobe Systems Incorporated)


Task: {8005C2E5-84F9-475E-9109-0F050F486B0E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2010-11-18] (PC-Doctor, Inc.)


Task: {ABC33AA9-793D-4BBF-83B5-0C8E2F7D93FE} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2010-11-18] (PC-Doctor, Inc.)


Task: {D9ACB393-BE20-460D-B92F-C398899A3E93} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)


Task: {DA1312CA-80BE-4498-8CA6-723E420194E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02] (Google Inc.)


Task: {F47BC2A3-BF27-43B6-9BDE-5E4AA083732E} - \DigitalSite No Task File


Task: {FB647A03-4195-4866-A6C7-C6122CCE812A} - \BackgroundContainer Startup Task No Task File


Task: {FD16B632-4075-4DAB-88BF-7540AAC53D5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02] (Google Inc.)


Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe


Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe


Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe


Task: C:\Windows\Tasks\SentryBayUpdateTaskMachineCore.job => C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe


Task: C:\Windows\Tasks\SentryBayUpdateTaskMachineUA.job => C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe


Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe


 


==================== Loaded Modules (whitelisted) =============


 


2012-12-17 18:14 - 2012-12-17 18:14 - 00954848 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll


2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll


2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


2011-06-16 17:49 - 2011-06-16 17:49 - 00503296 _____ () C:\Program Files (x86)\AOL\DataMask by AOL\libxml2.dll


2013-04-30 16:31 - 2013-04-30 16:31 - 00293376 _____ () C:\Program Files (x86)\AOL\DataMask by AOL\libxmlsec.dll


2013-04-30 16:31 - 2013-04-30 16:31 - 00167936 _____ () C:\Program Files (x86)\AOL\DataMask by AOL\libxmlsec-mscrypto.dll


2010-07-12 18:34 - 2011-08-01 11:55 - 00132416 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll


2010-07-12 18:34 - 2011-08-01 11:54 - 01123648 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll


2010-07-12 18:34 - 2011-08-01 11:55 - 00079168 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll


2010-09-03 10:26 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll


2012-05-30 21:06 - 2012-05-30 21:06 - 00087912 _____ () C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll


2012-05-30 21:06 - 2012-05-30 21:06 - 01242512 _____ () C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll


 


==================== Alternate Data Streams (whitelisted) =========


 


AlternateDataStreams: C:\Users\Debbie\Desktop\Screen Shot 2013-10-31 at 8.34.57 PM.png:com.dropbox.attributes


AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo


 


==================== Safe Mode (whitelisted) ===================


 


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"


 


==================== Faulty Device Manager Devices =============


 


Name: Officejet 4500 G510n-z


Description: Officejet 4500 G510n-z


Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}


Manufacturer: HP


Service:


Problem: : This device is disabled. (Code 22)


Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


 


Name: Bluetooth Peripheral Device


Description: Bluetooth Peripheral Device


Class Guid:


Manufacturer:


Service:


Problem: : The drivers for this device are not installed. (Code 28)


Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


 


 


==================== Event log errors: =========================


 


Application errors:


==================


Error: (12/06/2013 11:55:25 AM) (Source: SideBySide) (User: )


Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.


A component version required by the application conflicts with another component version already active.


Conflicting components are:.


Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.


Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


 


Error: (12/06/2013 11:55:25 AM) (Source: SideBySide) (User: )


Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.


A component version required by the application conflicts with another component version already active.


Conflicting components are:.


Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.


Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


 


Error: (12/06/2013 11:36:24 AM) (Source: SideBySide) (User: )


Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.


A component version required by the application conflicts with another component version already active.


Conflicting components are:.


Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.


Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


 


Error: (12/06/2013 06:35:17 AM) (Source: Application Error) (User: )


Description: Faulting application name: DriverUpdate.exe, version: 2.2.30452.7890, time stamp: 0x51c6045c


Faulting module name: DriverUpdate.exe, version: 2.2.30452.7890, time stamp: 0x51c6045c


Exception code: 0xc0000005


Fault offset: 0x00021ad8


Faulting process id: 0xde0


Faulting application start time: 0xDriverUpdate.exe0


Faulting application path: DriverUpdate.exe1


Faulting module path: DriverUpdate.exe2


Report Id: DriverUpdate.exe3


 


Error: (12/04/2013 07:41:54 PM) (Source: Bonjour Service) (User: )


Description: Task Scheduling Error: m->NextScheduledSPRetry 24864922


 


Error: (12/04/2013 07:41:54 PM) (Source: Bonjour Service) (User: )


Description: Task Scheduling Error: m->NextScheduledEvent 24864922


 


Error: (12/04/2013 07:41:53 PM) (Source: Bonjour Service) (User: )


Description: Task Scheduling Error: Continuously busy for more than a second


 


Error: (12/04/2013 03:19:26 AM) (Source: SideBySide) (User: )


Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.


A component version required by the application conflicts with another component version already active.


Conflicting components are:.


Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.


Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


 


Error: (12/03/2013 09:04:55 PM) (Source: SideBySide) (User: )


Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.


A component version required by the application conflicts with another component version already active.


Conflicting components are:.


Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.


Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


 


Error: (12/03/2013 09:04:55 PM) (Source: SideBySide) (User: )


Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.


A component version required by the application conflicts with another component version already active.


Conflicting components are:.


Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.


Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


 


 


System errors:


=============


Error: (12/06/2013 11:17:07 AM) (Source: DCOM) (User: )


Description: {209500FC-6B45-4693-8871-6296C4843751}


 


Error: (12/06/2013 11:16:56 AM) (Source: Service Control Manager) (User: )


Description: The Windows Firewall service terminated with service-specific error %%5.


 


Error: (12/06/2013 11:16:56 AM) (Source: Service Control Manager) (User: )


Description: The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error:


%%1066


 


Error: (12/06/2013 11:14:16 AM) (Source: Service Control Manager) (User: )


Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.


 


Error: (12/06/2013 11:12:50 AM) (Source: DCOM) (User: NT AUTHORITY)


Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


 


Error: (12/06/2013 11:11:57 AM) (Source: Service Control Manager) (User: )


Description: The vToolbarUpdater17.1.3 service failed to start due to the following error:


%%2


 


Error: (12/06/2013 11:11:52 AM) (Source: Service Control Manager) (User: )


Description: The Function Discovery Resource Publication service terminated with the following error:


%%-2147024891


 


Error: (12/06/2013 11:11:52 AM) (Source: Service Control Manager) (User: )


Description: The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error:


%%1066


 


Error: (12/06/2013 11:11:52 AM) (Source: Service Control Manager) (User: )


Description: The iolo System Service service failed to start due to the following error:


%%2


 


Error: (12/06/2013 11:11:50 AM) (Source: Service Control Manager) (User: )


Description: The Windows Firewall service terminated with service-specific error %%5.


 


 


Microsoft Office Sessions:


=========================


Error: (09/26/2014 08:56:36 AM) (Source: Microsoft Office 12 Sessions)(User: )


Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 160994504 seconds with 540 seconds of active time.  This session ended with a crash.


 


Error: (06/11/2013 00:52:50 AM) (Source: Microsoft Office 12 Sessions)(User: )


Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 183650 seconds with 2700 seconds of active time.  This session ended with a crash.


 


Error: (03/17/2013 10:49:29 PM) (Source: Microsoft Office 12 Sessions)(User: )


Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 27777 seconds with 540 seconds of active time.  This session ended with a crash.


 


Error: (09/10/2012 02:05:04 AM) (Source: Microsoft Office 12 Sessions)(User: )


Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.


 


Error: (05/05/2012 10:11:11 AM) (Source: Microsoft Office 12 Sessions)(User: )


Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 477076 seconds with 11340 seconds of active time.  This session ended with a crash.


 


Error: (04/19/2012 10:59:48 PM) (Source: Microsoft Office 12 Sessions)(User: )


Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 51799 seconds with 12960 seconds of active time.  This session ended with a crash.


 


Error: (03/14/2012 03:20:27 AM) (Source: Microsoft Office 12 Sessions)(User: )


Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 147764 seconds with 1440 seconds of active time.  This session ended with a crash.


 


Error: (01/12/2012 04:24:11 AM) (Source: Microsoft Office 12 Sessions)(User: )


Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 54734 seconds with 1620 seconds of active time.  This session ended with a crash.


 


Error: (01/02/2012 11:27:03 AM) (Source: Microsoft Office 12 Sessions)(User: )


Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 837 seconds with 600 seconds of active time.  This session ended with a crash.


 


Error: (10/23/2011 03:25:17 PM) (Source: Microsoft Office 12 Sessions)(User: )


Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.


 


 


==================== Memory info ===========================


 


Percentage of memory in use: 65%


Total physical RAM: 3892.52 MB


Available physical RAM: 1325.38 MB


Total Pagefile: 7783.23 MB


Available Pagefile: 5029.27 MB


Total Virtual: 8192 MB


Available Virtual: 8191.79 MB


 


==================== Drives ================================


 


Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:115.83 GB) NTFS


 


==================== MBR & Partition Table ==================


 


========================================================


Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 7188B833)


Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)


Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)


Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)


 


==================== End Of Log ============================


OK, you have a far more dangerous virus than Scorpion also.

Please read the following information first.

 

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

I would change all my passwords and keep a close eye on all your sensitive accounts.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


Oh my gosh! But it all works, you are amazing. Thank you so much. I did the important changes to my security, of passwords, etc. And then I proceeded to clean the computer. Here are my reports. At the end of this cleanup, my Windows firewall is being managed by vendor application McAfee Personal Firewall, my internet is working fine, Windows updates were current and my Windows Defender is back and wanting to do a scan.

 

 

Fixlog.txt log:

 

HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"

U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\   \...\???\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

C:\Windows\system32\AdpeakProxy64.dll

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Toolbar: HKCU - No Name - {8413196D-E290-4418-B5C6-A3B1379A909C} -  No File

Toolbar: HKCU - No Name - {F999A48B-1950-4D81-9971-79018F807B4B} -  No File

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File

Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File

FF Extension: ScorpionSaver - C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\Extensions\ScorpionSaver@jetpack

C:\Users\Debbie\AppData\Local\Google\Desktop\Install

C:\Program Files (x86)\Google\Desktop\Install

C:\Users\Debbie\AppData\Local\Temp\dhddur7u.dll

C:\Users\Debbie\AppData\Local\Temp\Quarantine.exe

DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

 

===========================================================

 

 

Mbar-log (I had two files)

 

FIRST ONE:

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

www.malwarebytes.org

 

Database version: v2013.12.07.02

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16428

Debbie :: DEBBIE-DELL [administrator]

 

12/06/13 10:34:13 PM

mbar-log-2013-12-06 (22-34-13).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled:

Objects scanned: 258472

Time elapsed: 32 minute(s), 19 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 1

HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update^ (Trojan.Zaccess) -> Data:  -> Delete on reboot.

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 14

C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙ (Trojan.0Access) -> Delete on reboot.

C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙\Ⱒ (Trojan.0Access) -> Delete on reboot.

C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙\Ⱒ\ (Trojan.0Access) -> Delete on reboot.

C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙\Ⱒ\\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} (Trojan.0Access) -> Delete on reboot.

C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙\Ⱒ\\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L (Trojan.0Access) -> Delete on reboot.

C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙\Ⱒ\\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U (Trojan.0Access) -> Delete on reboot.

C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} (Trojan.0Access) -> Delete on reboot.

c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\    (Trojan.0Access) -> Delete on reboot.

c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\   \... (Trojan.0Access) -> Delete on reboot.

c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\   \...\ (Trojan.0Access) -> Delete on reboot.

c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\   \...\\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} (Trojan.0Access) -> Delete on reboot.

c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\   \...\\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\l (Trojan.0Access) -> Delete on reboot.

c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\   \...\\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\u (Trojan.0Access) -> Delete on reboot.

C:\Program Files (x86)\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} (Trojan.0Access) -> Delete on reboot.

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

 

===========================================

 

SECOND ONE:

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

www.malwarebytes.org

 

Database version: v2013.10.02.12

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16428

Debbie :: DEBBIE-DELL [administrator]

 

12/06/13 11:27:07 PM

mbar-log-2013-12-06 (23-27-07).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled:

Objects scanned: 249175

Time elapsed: 26 minute(s), 3 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

=======================================

 

SYSTEM-LOG:

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

 

Account is Administrative

 

Internet Explorer version: 11.0.9600.16428

 

Java version: 1.6.0_31

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.261000 GHz

Memory total: 4081606656, free: 2150969344

 

Downloaded database version: v2013.12.07.02

Downloaded database version: v2013.10.11.02

=======================================

Initializing...

------------ Kernel report ------------

     12/06/2013 22:34:08

------------ Loaded modules -----------


\??\C:\Program Files (x86)\AOL\DataMask by AOL\epinject64.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\DRIVERS\asyncmac.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\system32\DRIVERS\usbscan.sys

\SystemRoot\system32\DRIVERS\usbprint.sys

\SystemRoot\system32\DRIVERS\dot4usb.sys

\SystemRoot\system32\DRIVERS\Dot4.sys

\SystemRoot\system32\DRIVERS\Dot4Prt.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\drivers\btusbflt.sys

\SystemRoot\System32\Drivers\BTHUSB.sys

\SystemRoot\System32\Drivers\bthport.sys

\SystemRoot\system32\DRIVERS\rfcomm.sys

\SystemRoot\system32\drivers\BthEnum.sys

\SystemRoot\system32\DRIVERS\bthpan.sys

\SystemRoot\system32\DRIVERS\btwavdt.sys

\SystemRoot\system32\drivers\btwaudio.sys

\SystemRoot\system32\DRIVERS\btwl2cap.sys

\SystemRoot\system32\DRIVERS\btwrchid.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8004c54060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa800498d050

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8004c54060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8004afa9d0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8004c54060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800498d050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 7188B833

 

Partition information:

 

    Partition 0 type is Other (0xde)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 2048  Numsec = 204800

 

    Partition 1 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 206848  Numsec = 30720000

    Partition file system is NTFS

    Partition is bootable

 

    Partition 2 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 30926848  Numsec = 594213552

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 320072933376 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...

Done!

Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update^ --> [Trojan.Zaccess]

Infected: C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙ --> [Trojan.0Access]

Infected: C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙\Ⱒ --> [Trojan.0Access]

Infected: C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙\Ⱒ\ --> [Trojan.0Access]

Infected: C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙\Ⱒ\\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} --> [Trojan.0Access]

Infected: C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙\\\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L --> [Trojan.0Access]

Infected: C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙\Ⱒ\\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U --> [Trojan.0Access]

Infected: C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} --> [Trojan.0Access]

Infected: c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\    --> [Trojan.0Access]

Infected: c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\   \... --> [Trojan.0Access]

Infected: c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\   \...\ --> [Trojan.0Access]

Infected: c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\   \...\\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} --> [Trojan.0Access]

Infected: c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\   \...\\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\l --> [Trojan.0Access]

Infected: c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\   \...\\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\u --> [Trojan.0Access]

Infected: C:\Program Files (x86)\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} --> [Trojan.0Access]

Scan finished

Creating System Restore point...

Cleaning up...

Executing an action fixdamage.exe...

Success!

Queuing an action fixdamage.exe

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

 

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

 

Account is Administrative

 

Internet Explorer version: 11.0.9600.16428

 

Java version: 1.6.0_31

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.261000 GHz

Memory total: 4081606656, free: 2496331776

 

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

 

Account is Administrative

 

Internet Explorer version: 11.0.9600.16428

 

Java version: 1.6.0_31

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.261000 GHz

Memory total: 4081606656, free: 1494990848

 

=======================================

Initializing...

------------ Kernel report ------------

     12/06/2013 23:27:01

------------ Loaded modules -----------


----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8004c6a060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa8004940050

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8004c6a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8004aef9e0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8004c6a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8004940050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 7188B833

 

Partition information:

 

    Partition 0 type is Other (0xde)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 2048  Numsec = 204800

 

    Partition 1 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 206848  Numsec = 30720000

    Partition file system is NTFS

    Partition is bootable

 

    Partition 2 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 30926848  Numsec = 594213552

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 320072933376 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...

Done!

Scan finished

=======================================

 

 

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_206848_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...

Removal finished

 

===============================================


I need to see the complete Fixlog.txt!

Then ......

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC


Mr C, I am SO sorry, I have goofed up.  So now I need to be very sure I understand what you are asking, as I did the fixlist wrong.  I sent you all of the report, so I goofed up.  You asked me to:

Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

 

I am sorry to be so dense, but how do I download this file to the same folder as FRST?  I have a notepad FRST but no folder.  And I could not find the FRST.exe file in my downloads.  Is it too late to redo this step? 

 

I will do nothing more until I hear back from you.

 

I hope I didn't mess everything up.

 

Debbie


Download FRST64.exe again

 

Now right click on it and choose "Copy"

Go to your desktop and right click and choose "Paste"

That should put FRST64.exe on your desktop.

Now do the same for the fixlist.txt

Now they both should be on your desktop

Run (double click on) FRST64.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

MrC


I got it!!!  Thanks for your baby instructions for me.

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-12-2013

Ran by Debbie at 2013-12-07 19:28:11 Run:1
Running from C:\Users\Debbie\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\   \...\???\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Windows\system32\AdpeakProxy64.dll
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {8413196D-E290-4418-B5C6-A3B1379A909C} -  No File
Toolbar: HKCU - No Name - {F999A48B-1950-4D81-9971-79018F807B4B} -  No File
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
FF Extension: ScorpionSaver - C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\Extensions\ScorpionSaver@jetpack
C:\Users\Debbie\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\Users\Debbie\AppData\Local\Temp\dhddur7u.dll
C:\Users\Debbie\AppData\Local\Temp\Quarantine.exe
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
 
 
*****************
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => Key deleted successfully.
*etadpug => Service deleted successfully.
C:\Windows\system32\AdpeakProxy64.dll => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8413196D-E290-4418-B5C6-A3B1379A909C} => Value deleted successfully.
HKCR\CLSID\{8413196D-E290-4418-B5C6-A3B1379A909C} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F999A48B-1950-4D81-9971-79018F807B4B} => Value deleted successfully.
HKCR\CLSID\{F999A48B-1950-4D81-9971-79018F807B4B} => Key not found.
HKCR\PROTOCOLS\Handler\cozi => Key deleted successfully.
HKCR\CLSID\{5356518D-FE9C-4E08-9C1F-1E872ECD367F} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\gopher => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{79eac9e4-baf9-11ce-8c82-00aa004ba90b} => Key not found.
C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\Extensions\ScorpionSaver@jetpack => Moved successfully.
C:\Users\Debbie\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\dhddur7u.dll => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Quarantine.exe => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
 
==== End of Fixlog ====
 
RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Debbie [Admin rights]
Mode : Scan -- Date : 12/07/2013 19:44:11
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 11 ¤¤¤
[SERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\   \...\???ﯹ๛\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\GoogleUpdate.exe" < [x]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 1 ¤¤¤
[Debbie][SUSP PATH] _uninst_05648578.lnk : C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_05648578.lnk @C:\Users\Debbie\AppData\Local\Temp\_uninst_05648578.bat [-][x] -> FOUND
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545032B9A300 +++++
--- User ---
[MBR] 5ea7e81eaf591d3ec1f78e1d30874d01
[BSP] b7b3eb14adfd50ca04b936abaf85fbb5 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_12072013_194411.txt >>
 
 
 
 

Great!

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

 

[SERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\ \...\???ﯹ๛\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\GoogleUpdate.exe" < [x]) -> FOUND

Now click Delete on the right hand column under Options

-------------

Then.......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

 

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Mr C,

 

Thank you for your quick response and for working so late.  

I am not sure what exactly I am to do here.  I ran the RogueKiller again, did the scan, and under the registry tab I had 12 files that were all checked.  

I'm not sure what you want checked and unchecked, nor did I understand the quote you have here.  I have no files of the 12 found that start with [service][ZeroAccess] HKLM\.....

 

deb

 


RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Debbie [Admin rights]

Mode : Scan -- Date : 12/07/2013 21:24:53

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 11 ¤¤¤

[SERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\   \...\???ﯹ๛\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\GoogleUpdate.exe" < [x]) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND

[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 1 ¤¤¤

[Debbie][SUSP PATH] _uninst_05648578.lnk : C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_05648578.lnk @C:\Users\Debbie\AppData\Local\Temp\_uninst_05648578.bat [-][x] -> FOUND

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection : ZeroAccess ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545032B9A300 +++++

--- User ---

[MBR] 5ea7e81eaf591d3ec1f78e1d30874d01

[BSP] b7b3eb14adfd50ca04b936abaf85fbb5 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_12072013_212453.txt >>

This is the one I want deleted.

[SERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\ \...\???ﯹ๛\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\GoogleUpdate.exe" < [x]) -> FOUND

You can just run the scan again and hit the delete button...no harm done.

Reboot and run another scan to confirm it's gone.

MrC


I found it! (I was being overly cautious) and deleted the one file. I rebooted, rescanned and here is the report --- appears the file is gone. Again, thanks for being there. Do you want me to continue with your earlier directions starting with the ComboFix?

RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Debbie [Admin rights]
Mode : Scan -- Date : 12/07/2013 22:09:16
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 10 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 1 ¤¤¤
[Debbie][sUSP PATH] _uninst_05648578.lnk : C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_05648578.lnk @C:\Users\Debbie\AppData\Local\Temp\_uninst_05648578.bat [-][x] -> FOUND
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545032B9A300 +++++
--- User ---
[MBR] 5ea7e81eaf591d3ec1f78e1d30874d01
[bSP] b7b3eb14adfd50ca04b936abaf85fbb5 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_12072013_220916.txt >>

MrC,

I hope you won't shoot me! I screwed up and had to restore my computer back until yesterday, so I had to rerun the RogueKiller. Here is the new report. I deleted the files as you had previously told me. And my computer is running extremely slow!

RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Debbie [Admin rights]
Mode : Scan -- Date : 12/08/2013 22:39:21
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\?��?��?��\?��?��?��\???ﯹ๛\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\GoogleUpdate.exe" >) -> FOUND
[RUN][ZeroAccess] HKUS\S-1-5-21-859821945-3822535395-818512663-1000\[...]\Run : Google Update ("C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\?��?��?��\?��?��?��\???ﯹ๛\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\GoogleUpdate.exe" >) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 1 ¤¤¤
[Debbie][sUSP PATH] _uninst_05648578.lnk : C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_05648578.lnk @C:\Users\Debbie\AppData\Local\Temp\_uninst_05648578.bat [-][x] -> FOUND
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545032B9A300 +++++
--- User ---
[MBR] 5ea7e81eaf591d3ec1f78e1d30874d01
[bSP] b7b3eb14adfd50ca04b936abaf85fbb5 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_12082013_223919.txt >>
RKreport[0]_D_12082013_213107.txt;RKreport[0]_S_12082013_213039.txt

This is crazy. How am I getting infected? I am not a surfer, nor do I open up attachments unless I confirm from the sender they are good. Or is this a past one still lurking? Thanks so much for your patience! I already had the Farbar Recovery on my computer, so I ran another scan from that.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-12-2013
Ran by Debbie (administrator) on DEBBIE-DELL on 09-12-2013 13:03:36
Running from C:\Users\Debbie\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Memeo) C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(AOL) C:\Program Files (x86)\AOL\DataMask by AOL\epservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(AOL) C:\Program Files (x86)\AOL\DataMask by AOL\ep.exe
(AOL) C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Webshots.com) C:\Program Files (x86)\Webshots\3.1.5.7619\Webshots.scr
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-13] (Dell)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
MountPoints2: E - E:\LaunchU3.exe -a
MountPoints2: H - H:\LaunchU3.exe -a
MountPoints2: {056b6265-78ff-11e0-be3b-c44619fd34a2} - E:\AutoRun.exe
MountPoints2: {056b6270-78ff-11e0-be3b-c44619fd34a2} - E:\AutoRun.exe
MountPoints2: {056b627d-78ff-11e0-be3b-c44619fd34a2} - E:\AutoRun.exe
MountPoints2: {097a27df-6baf-11e0-b9c1-c44619fd34a2} - E:\AutoRun.exe
MountPoints2: {097a2803-6baf-11e0-b9c1-c44619fd34a2} - E:\AutoRun.exe
MountPoints2: {2e3ae15a-f82f-11e0-9a34-c44619fd34a2} - "E:\WD SmartWare.exe" autoplay=true
MountPoints2: {3a03f7dd-6df0-11e0-9c28-00038a000015} - E:\AutoRun.exe
MountPoints2: {3a03f7e9-6df0-11e0-9c28-00038a000015} - E:\AutoRun.exe
MountPoints2: {4c86b20b-ea9e-11df-aca7-00038a000015} - "E:\WD SmartWare.exe" autoplay=true
MountPoints2: {a6b050e8-3bac-11e1-9810-c44619fd34a2} - H:\LaunchU3.exe -a
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
Startup: C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> C:\Program Files (x86)\Webshots\3.1.5.7619\Launcher.exe (Webshots.com)
Startup: C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_05648578.lnk
ShortcutTarget: _uninst_05648578.lnk -> C:\Users\Debbie\AppData\Local\Temp\_uninst_05648578.bat (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
BootExecute: autocheck autochk /p \??\F:autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://kolbi.msn.com/?rd=1&ucc=CR&dcc=CR&opt=0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x760B2275FDECCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {907C29F0-1F7C-41DE-B59B-CF7830BD034C} URL = 
BHO: DataMask by AOL - {3955aa73-8c60-4a9b-acdb-0c2edb1b6748} - C:\Program Files (x86)\AOL\DataMask by AOL\epbho64.dll (AOL)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: DataMask by AOL - {ff507020-a257-4527-a222-b6f5732e55ee} - C:\Program Files (x86)\AOL\DataMask by AOL\plbho64.dll (AOL)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {8413196D-E290-4418-B5C6-A3B1379A909C} -  No File
Toolbar: HKCU - No Name - {F999A48B-1950-4D81-9971-79018F807B4B} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @update.sentrybay.com/SentryBay Update;version=8 - C:\Program Files (x86)\SentryBay\Update\1.0.0.7621\npSentryBayOneClick8.dll (AOL)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\Extensions\ScorpionSaver@jetpack
FF HKLM\...\Firefox\Extensions: [sss@sentrybay.com] - C:\Program Files (x86)\AOL\DataMask by AOL\ffext
FF Extension: DataMask by AOL - C:\Program Files (x86)\AOL\DataMask by AOL\ffext
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [sss@sentrybay.com] - C:\Program Files (x86)\AOL\DataMask by AOL\ffext
FF Extension: DataMask by AOL - C:\Program Files (x86)\AOL\DataMask by AOL\ffext
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [bjaehcnihbogidpfieaepehilfecnodk] - C:\Program Files (x86)\AOL\DataMask by AOL\phishlock.crx
CHR HKLM-x32\...\Chrome\Extension: [kochbcmingebnmbcpbbpfpmipakoipge] - C:\Program Files (x86)\AOL\DataMask by AOL\phishlock.crx
 
==================== Services (Whitelisted) =================
 
R2 EntryProtect; C:\Program Files (x86)\AOL\DataMask by AOL\epservice.exe [45896 2013-04-30] (AOL)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MemeoBackgroundService; C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [25824 2009-11-12] (Memeo)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 sbupdate; C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe [129904 2012-05-26] (AOL)
S4 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [118272 2008-07-24] (WDC)
R2 WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [1978256 2011-08-01] (Western Digital )
R2 WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [1338256 2011-08-01] (Western Digital )
S4 XAudioService; C:\Windows\system32\DRIVERS\ACFXAU64.exe [410624 2007-05-09] (Conexant Systems, Inc.)
S4 AGCoreService; "C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe" [x]
S2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [x]
S2 vToolbarUpdater17.1.3; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 acfva; C:\Windows\System32\DRIVERS\ACFVA64.sys [121856 2007-04-26] (Conexant Systems Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-21] (AVG Technologies)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.)
S3 dgcfltr; C:\Windows\System32\DRIVERS\ACFDCP64.sys [35200 2007-05-09] (Conexant Systems, Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-09-17] (EldoS Corporation)
R3 epfilter; C:\Windows\system32\drivers\epfilter.sys [21312 2013-08-12] (SentryBay)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R2 mdmxsdk; C:\Windows\System32\DRIVERS\ACFSDK64.sys [17024 2007-03-15] (Conexant)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.)
R3 SaiH8000; C:\Windows\System32\DRIVERS\SaiH8000.sys [178560 2008-04-04] (Saitek)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-12-09] ()
R2 XAudio; C:\Windows\System32\DRIVERS\ACFXAU64.sys [10240 2007-05-09] (Conexant Systems, Inc.)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-08 23:45 - 2013-12-08 23:46 - 00000000 ____D C:\Users\Debbie\Desktop\HOA Acctg
2013-12-08 21:21 - 2013-12-08 23:40 - 00000000 ____D C:\Users\Debbie\Desktop\RK reports
2013-12-08 18:30 - 2013-12-08 18:30 - 04166144 _____ C:\Users\Debbie\Downloads\RogueKillerX64.exe
2013-12-06 22:34 - 2013-12-08 08:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-06 22:34 - 2013-12-06 23:27 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-06 22:31 - 2013-12-06 23:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-06 22:30 - 2013-12-08 08:21 - 00000000 ____D C:\Users\Debbie\Desktop\mbar
2013-12-06 22:29 - 2013-12-08 08:21 - 00000000 ____D C:\Users\Debbie\Desktop\Malwarbytes Anti-Rootkit
2013-12-06 22:28 - 2013-12-06 22:29 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Debbie\Downloads\mbar-1.07.0.1007.exe
2013-12-06 12:06 - 2013-12-06 12:17 - 00033569 _____ C:\Users\Debbie\Downloads\Addition.txt
2013-12-06 12:05 - 2013-12-09 13:03 - 00018152 _____ C:\Users\Debbie\Downloads\FRST.txt
2013-12-06 12:05 - 2013-12-08 08:21 - 00000000 ____D C:\FRST
2013-12-06 12:04 - 2013-12-06 12:04 - 01925820 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64.exe
2013-12-06 01:37 - 2013-12-09 07:33 - 00000448 _____ C:\Windows\setupact.log
2013-12-06 01:37 - 2013-12-06 01:37 - 00000000 _____ C:\Windows\setuperr.log
2013-12-05 23:02 - 2013-12-08 08:21 - 00000000 ____D C:\Users\Debbie\Desktop\Scorpion Forum clean up reports
2013-12-05 08:15 - 2013-12-05 08:15 - 00688992 ____R (Swearware) C:\Users\Debbie\Downloads\dds.scr
2013-12-03 22:59 - 2013-12-03 22:59 - 00002722 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task
2013-12-03 22:55 - 2013-12-03 22:55 - 05162600 _____ (ParetoLogic, Inc.) C:\Users\Debbie\Downloads\Repair-tool.exe
2013-12-03 21:35 - 2013-12-03 21:37 - 22791896 _____ (Microsoft Corporation) C:\Users\Debbie\Downloads\Windows-KB890830-x64-V5.6.exe
2013-12-03 17:59 - 2013-12-03 18:49 - 00000000 ____D C:\Users\Debbie\Downloads\myuninst
2013-12-03 17:58 - 2013-12-03 17:58 - 00046124 _____ C:\Users\Debbie\Downloads\myuninst.zip
2013-12-03 16:14 - 2013-12-03 16:19 - 00015066 _____ C:\Users\Debbie\Downloads\SystemLook.txt
2013-12-03 14:26 - 2013-12-03 14:26 - 00000000 ____D C:\_OTM
2013-12-03 14:11 - 2013-12-03 14:11 - 00522240 _____ (OldTimer Tools) C:\Users\Debbie\Downloads\OTM.exe
2013-12-03 12:42 - 2013-12-03 12:42 - 00165376 _____ C:\Users\Debbie\Downloads\SystemLook_x64.exe
2013-12-03 12:32 - 2013-12-03 12:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 12:32 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-03 12:29 - 2013-12-03 12:30 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Debbie\Downloads\mbam-setup-1-1.75.0.1300.exe
2013-12-03 11:28 - 2013-12-05 23:04 - 00000000 ____D C:\AdwCleaner
2013-12-03 11:27 - 2013-12-03 11:27 - 01110034 _____ C:\Users\Debbie\Downloads\AdwCleaner.exe
2013-12-03 11:07 - 2013-12-03 11:07 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-12-03 10:19 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2013-12-03 10:18 - 2013-12-03 10:18 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-12-03 10:17 - 2013-12-06 01:37 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-03 10:17 - 2013-12-03 10:17 - 00000000 ____D C:\Program Files\McAfee.com
2013-12-03 09:36 - 2013-11-04 16:46 - 00182752 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2013-12-03 09:26 - 2013-12-03 09:36 - 05131824 _____ (McAfee, Inc.) C:\Users\Debbie\Downloads\McAfeeSetup-Serial.exe
2013-11-29 00:25 - 2013-11-29 00:25 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Malwarebytes
2013-11-29 00:25 - 2013-11-29 00:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-29 00:22 - 2013-11-29 00:23 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Debbie\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-28 23:22 - 2013-11-28 23:22 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\McAFee TechCheck
2013-11-28 23:20 - 2013-11-28 23:24 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\TechCheck
2013-11-28 23:20 - 2000-05-22 01:00 - 00244416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msflxgrd.ocx
2013-11-28 23:20 - 2000-05-22 01:00 - 00203976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX
2013-11-28 09:50 - 2013-12-03 10:18 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-11-28 09:24 - 2013-11-28 09:31 - 00000000 ____D C:\Program Files\stinger
2013-11-28 06:27 - 2013-11-28 06:27 - 00002004 _____ C:\Users\Debbie\Desktop\Workout List 8-7-13 - Shortcut.lnk
2013-11-27 21:51 - 2013-11-27 21:53 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-27 21:51 - 2013-11-27 21:52 - 00000000 ____D C:\Program Files\iTunes
2013-11-27 21:51 - 2013-11-27 21:52 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-27 21:51 - 2013-11-27 21:51 - 00000000 ____D C:\Program Files\iPod
2013-11-27 20:10 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll
2013-11-27 17:04 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-27 17:01 - 2013-11-27 17:01 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-27 17:01 - 2013-11-27 17:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-27 17:01 - 2013-11-27 17:01 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-27 17:01 - 2013-11-27 17:01 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-27 17:01 - 2013-11-27 17:01 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-27 17:01 - 2013-11-27 17:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-27 17:01 - 2013-11-27 17:01 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-27 17:01 - 2013-11-27 17:01 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-27 17:01 - 2013-11-27 17:01 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-27 17:01 - 2013-11-27 17:01 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-27 17:01 - 2013-11-27 17:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-27 16:58 - 2013-11-27 17:04 - 00007514 _____ C:\Windows\IE11_main.log
2013-11-27 16:52 - 2013-11-27 16:52 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-27 16:52 - 2013-11-27 16:52 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-25 22:20 - 2013-11-25 22:20 - 00006148 ____H C:\Users\Public\.DS_Store
2013-11-19 16:35 - 2013-11-27 08:02 - 00002429 _____ C:\Users\Debbie\Desktop\Scott's Weight - Shortcut.lnk
2013-11-15 13:51 - 2013-11-15 13:58 - 00000000 ____D C:\bbc32f117dc597ff11b76deb
2013-11-14 20:49 - 2013-10-05 14:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 20:49 - 2013-10-05 13:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 20:49 - 2013-10-03 20:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 20:49 - 2013-10-03 20:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 20:49 - 2013-10-03 20:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 20:49 - 2013-10-03 19:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 20:49 - 2013-10-03 19:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 20:49 - 2013-10-03 19:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 20:49 - 2013-09-27 19:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 20:48 - 2013-10-11 20:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 20:48 - 2013-10-11 20:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 20:48 - 2013-10-11 20:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 20:48 - 2013-10-11 20:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 20:48 - 2013-10-11 20:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 20:48 - 2013-10-02 20:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 20:48 - 2013-10-02 20:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 20:48 - 2013-09-24 20:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 20:48 - 2013-09-24 20:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 20:48 - 2013-09-24 20:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 20:48 - 2013-09-24 20:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 20:48 - 2013-09-24 20:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 20:48 - 2013-09-24 20:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 20:48 - 2013-09-24 20:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 20:48 - 2013-09-24 20:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 20:48 - 2013-09-24 19:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 20:48 - 2013-09-24 19:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 20:48 - 2013-09-24 19:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 20:48 - 2013-09-24 19:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 20:48 - 2013-09-24 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 20:48 - 2013-07-04 06:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
 
==================== One Month Modified Files and Folders =======
 
2014-09-26 09:28 - 2011-03-26 10:05 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2014-09-26 09:12 - 2011-03-26 10:05 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2014-09-26 09:07 - 2011-03-26 10:05 - 00003456 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-09-26 08:57 - 2011-03-26 10:05 - 00004276 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-12-09 13:04 - 2013-12-06 12:05 - 00018152 _____ C:\Users\Debbie\Downloads\FRST.txt
2013-12-09 13:02 - 2012-05-26 22:57 - 00000892 _____ C:\Windows\Tasks\SentryBayUpdateTaskMachineUA.job
2013-12-09 12:39 - 2011-10-02 00:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-09 12:31 - 2012-04-09 23:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-09 08:38 - 2011-10-02 00:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-09 08:32 - 2009-07-13 23:10 - 01076493 _____ C:\Windows\WindowsUpdate.log
2013-12-09 07:45 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-09 07:45 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-09 07:36 - 2013-10-28 21:27 - 00002848 _____ C:\Windows\System32\Tasks\DriverUpdate Startup
2013-12-09 07:36 - 2013-10-28 21:27 - 00000420 _____ C:\Windows\Tasks\DriverUpdate Startup.job
2013-12-09 07:34 - 2013-10-28 21:27 - 00016152 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2013-12-09 07:34 - 2012-05-26 22:57 - 00000888 _____ C:\Windows\Tasks\SentryBayUpdateTaskMachineCore.job
2013-12-09 07:34 - 2010-09-02 22:31 - 00000000 ____D C:\Users\Debbie\AppData\Local\SoftThinks
2013-12-09 07:34 - 2010-07-12 18:50 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-12-09 07:34 - 2010-07-12 18:50 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-12-09 07:34 - 2010-07-12 18:34 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-12-09 07:33 - 2013-12-06 01:37 - 00000448 _____ C:\Windows\setupact.log
2013-12-09 07:33 - 2011-04-23 15:18 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-12-09 07:33 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-09 07:32 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\tracing
2013-12-09 00:02 - 2011-10-03 02:09 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Dropbox
2013-12-08 23:59 - 2011-10-03 02:13 - 00000000 ___RD C:\Users\Debbie\Dropbox
2013-12-08 23:46 - 2013-12-08 23:45 - 00000000 ____D C:\Users\Debbie\Desktop\HOA Acctg
2013-12-08 23:40 - 2013-12-08 21:21 - 00000000 ____D C:\Users\Debbie\Desktop\RK reports
2013-12-08 21:38 - 2009-07-13 23:13 - 00852936 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-08 18:30 - 2013-12-08 18:30 - 04166144 _____ C:\Users\Debbie\Downloads\RogueKillerX64.exe
2013-12-08 10:13 - 2012-04-19 12:37 - 00000000 ____D C:\Users\Debbie\AppData\Local\BCE66ED4-FCC7-4397-B8C3-53BA4963CEE9.aplzod
2013-12-08 08:33 - 2011-10-02 00:53 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-08 08:33 - 2011-10-02 00:53 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-08 08:27 - 2010-09-02 22:31 - 00000000 ____D C:\Users\Debbie
2013-12-08 08:21 - 2013-12-06 22:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-08 08:21 - 2013-12-06 22:30 - 00000000 ____D C:\Users\Debbie\Desktop\mbar
2013-12-08 08:21 - 2013-12-06 22:29 - 00000000 ____D C:\Users\Debbie\Desktop\Malwarbytes Anti-Rootkit
2013-12-08 08:21 - 2013-12-06 12:05 - 00000000 ____D C:\FRST
2013-12-08 08:21 - 2013-12-05 23:02 - 00000000 ____D C:\Users\Debbie\Desktop\Scorpion Forum clean up reports
2013-12-08 08:21 - 2013-09-18 01:20 - 00000000 ____D C:\Users\Debbie\Desktop\CDSP Troy Mac servers
2013-12-08 08:21 - 2013-02-12 13:58 - 00000000 ____D C:\Users\Debbie\Desktop\Labels
2013-12-08 08:21 - 2010-09-04 04:25 - 00000000 ___SD C:\Users\Debbie\Documents\My ScanSnap
2013-12-08 08:21 - 2009-07-14 01:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-08 08:21 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-12-08 08:21 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-08 08:21 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2013-12-08 08:21 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat
2013-12-07 03:33 - 2013-10-17 12:26 - 00000000 ____D C:\Users\Debbie\Desktop\Photos to file into folders
2013-12-06 23:27 - 2013-12-06 22:34 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-06 23:26 - 2013-12-06 22:31 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-06 23:18 - 2010-07-12 20:00 - 00362322 _____ C:\Windows\PFRO.log
2013-12-06 23:18 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\Speech
2013-12-06 22:29 - 2013-12-06 22:28 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Debbie\Downloads\mbar-1.07.0.1007.exe
2013-12-06 12:17 - 2013-12-06 12:06 - 00033569 _____ C:\Users\Debbie\Downloads\Addition.txt
2013-12-06 12:04 - 2013-12-06 12:04 - 01925820 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64.exe
2013-12-06 01:37 - 2013-12-06 01:37 - 00000000 _____ C:\Windows\setuperr.log
2013-12-06 01:37 - 2013-12-03 10:17 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-05 23:04 - 2013-12-03 11:28 - 00000000 ____D C:\AdwCleaner
2013-12-05 08:15 - 2013-12-05 08:15 - 00688992 ____R (Swearware) C:\Users\Debbie\Downloads\dds.scr
2013-12-03 22:59 - 2013-12-03 22:59 - 00002722 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task
2013-12-03 22:55 - 2013-12-03 22:55 - 05162600 _____ (ParetoLogic, Inc.) C:\Users\Debbie\Downloads\Repair-tool.exe
2013-12-03 21:37 - 2013-12-03 21:35 - 22791896 _____ (Microsoft Corporation) C:\Users\Debbie\Downloads\Windows-KB890830-x64-V5.6.exe
2013-12-03 18:49 - 2013-12-03 17:59 - 00000000 ____D C:\Users\Debbie\Downloads\myuninst
2013-12-03 17:58 - 2013-12-03 17:58 - 00046124 _____ C:\Users\Debbie\Downloads\myuninst.zip
2013-12-03 16:19 - 2013-12-03 16:14 - 00015066 _____ C:\Users\Debbie\Downloads\SystemLook.txt
2013-12-03 15:34 - 2012-08-21 13:52 - 00000000 ____D C:\ProgramData\McAfee
2013-12-03 14:26 - 2013-12-03 14:26 - 00000000 ____D C:\_OTM
2013-12-03 14:11 - 2013-12-03 14:11 - 00522240 _____ (OldTimer Tools) C:\Users\Debbie\Downloads\OTM.exe
2013-12-03 12:50 - 2011-02-12 00:07 - 00000000 ____D C:\Program Files (x86)\Safari
2013-12-03 12:42 - 2013-12-03 12:42 - 00165376 _____ C:\Users\Debbie\Downloads\SystemLook_x64.exe
2013-12-03 12:33 - 2013-12-03 12:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 12:30 - 2013-12-03 12:29 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Debbie\Downloads\mbam-setup-1-1.75.0.1300.exe
2013-12-03 11:27 - 2013-12-03 11:27 - 01110034 _____ C:\Users\Debbie\Downloads\AdwCleaner.exe
2013-12-03 11:07 - 2013-12-03 11:07 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-12-03 10:19 - 2013-10-08 23:57 - 00000000 ____D C:\Program Files\McAfee
2013-12-03 10:18 - 2013-12-03 10:18 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-12-03 10:18 - 2013-11-28 09:50 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-12-03 10:17 - 2013-12-03 10:17 - 00000000 ____D C:\Program Files\McAfee.com
2013-12-03 09:36 - 2013-12-03 09:26 - 05131824 _____ (McAfee, Inc.) C:\Users\Debbie\Downloads\McAfeeSetup-Serial.exe
2013-11-29 16:54 - 2013-09-29 21:28 - 00000000 ____D C:\Users\Debbie\Desktop\Rental Statements
2013-11-29 13:17 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-11-29 10:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-29 08:19 - 2010-09-04 16:48 - 00842006 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-29 00:32 - 2013-10-22 00:17 - 00000095 _____ C:\Users\Debbie\AppData\Roaming\WB.CFG
2013-11-29 00:32 - 2009-08-20 00:17 - 00000006 _____ C:\Users\Debbie\AppData\Roaming\WBPU-TTL.DAT
2013-11-29 00:25 - 2013-11-29 00:25 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Malwarebytes
2013-11-29 00:25 - 2013-11-29 00:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-29 00:23 - 2013-11-29 00:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Debbie\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-28 23:24 - 2013-11-28 23:20 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\TechCheck
2013-11-28 23:22 - 2013-11-28 23:22 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\McAFee TechCheck
2013-11-28 09:31 - 2013-11-28 09:24 - 00000000 ____D C:\Program Files\stinger
2013-11-28 06:27 - 2013-11-28 06:27 - 00002004 _____ C:\Users\Debbie\Desktop\Workout List 8-7-13 - Shortcut.lnk
2013-11-27 21:53 - 2013-11-27 21:51 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-27 21:52 - 2013-11-27 21:51 - 00000000 ____D C:\Program Files\iTunes
2013-11-27 21:52 - 2013-11-27 21:51 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-27 21:51 - 2013-11-27 21:51 - 00000000 ____D C:\Program Files\iPod
2013-11-27 21:35 - 2010-09-02 22:31 - 00000000 ___RD C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-27 19:03 - 2010-09-02 22:37 - 00001415 _____ C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-27 17:04 - 2013-11-27 16:58 - 00007514 _____ C:\Windows\IE11_main.log
2013-11-27 17:01 - 2013-11-27 17:01 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-27 17:01 - 2013-11-27 17:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-27 17:01 - 2013-11-27 17:01 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-27 17:01 - 2013-11-27 17:01 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-27 17:01 - 2013-11-27 17:01 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-27 17:01 - 2013-11-27 17:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-27 17:01 - 2013-11-27 17:01 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-27 17:01 - 2013-11-27 17:01 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-27 17:01 - 2013-11-27 17:01 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
 
Some content of TEMP:
====================
C:\Users\Debbie\AppData\Local\Temp\dhddur7u.dll
C:\Users\Debbie\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Debbie\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-30 07:56
 
==================== End Of Log ============================
Question: This is crazy. How am I getting infected?

Answer: I screwed up and had to restore my computer back until yesterday,

HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)

-------------------------------------------------------------

Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

Touché!  I deserved that.  And speaking of restoring and bringing back in the virus......does this mean my passport, external backup, is virused too?  I disconnected it about two weeks ago, suspecting trouble and have not used it since.  Do I dare plug it in and try to recapture files off of it?

I followed your directions above and the reports are below.  In my first scan of mbar.exe, it showed I had no malware and no cleanup was necessary.  So I skipped the second scan.

At the end of all this my internet is working fine, my updates are current and my McAfee firewall is on.

=======================================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-12-2013
Ran by Debbie at 2013-12-09 19:04:26 Run:2
Running from C:\Users\Debbie\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.

==== End of Fixlog ====

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.09.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Debbie :: DEBBIE-DELL [administrator]

12/09/13 7:17:48 PM
mbar-log-2013-12-09 (19-17-48).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 258187
Time elapsed: 33 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16428

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 4081606656, free: 1941450752

Downloaded database version: v2013.12.09.08
Downloaded database version: v2013.10.11.02

=======================================

Initializing...

------------ Kernel report ------------

     12/09/2013 19:17:42

------------ Loaded modules -----------


----------- End -----------

Done!

<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004c66060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800493e050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004c66060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004ada9d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004c66060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800493e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!

Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7188B833

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 206848  Numsec = 30720000
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 30926848  Numsec = 594213552

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_206848_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

Touché! I deserved that. And speaking of restoring and bringing back in the virus......does this mean my passport, external backup, is virused too? I disconnected it about two weeks ago, suspecting trouble and have not used it since. Do I dare plug it in and try to recapture files off of it?

I think you should be OK, it wasn't a full blown infection.

Please scan the system with RogueKiller again and post the new log.

We're looking for any ZeroAccess infections.

MrC
